The Biden administration is publishing a national cybersecurity strategic plan to shape how the United States keeps the online realm safer. It talks about the nation’s defenses, protection against hackers on businesses and key infrastructure, and more.
So what can you expect from the national cybersecurity strategy plan? What does it mean for you?
Why Is the 2023 National Cybersecurity Strategy Important?
Numerous factors undoubtedly led the Biden administration to crack down on cybersecurity with this plan. One of them is likely that the United States is often the target and origin country for online attacks.
NordLocker found that 46 percent of ransomware attacks occur in the U.S. Another finding was that Michigan was the most affected by such incidents, with Missouri experiencing them least often. Elsewhere, a CyberProof study revealed the United States as the second-ranked country for cyberattack origin, with only China committing more of those offenses.
It doesn’t help that rampant cyberattacks could curb Biden’s other goals for the United States. For example, in 2021, the leader ordered a 100-day investigation into the country’s semiconductor shortages. Ramping up domestic production was one widely discussed possibility to address the issue. However, cyberattacks severely hinder manufacturing operations, often forcing affected companies to halt production lines and disconnect from online networks.
A collection of expert perspectives from Homeland Security Today featured people frequently warning about how the United States must take cybersecurity seriously and safeguard critical infrastructure.
Experts can’t read President Biden’s mind to know precisely which factors inspired the cybersecurity strategic plan. However, the driving forces described above are the likeliest.
How Does the Cybersecurity Strategy Regulation Keep America Safer?
Previous approaches to cybersecurity at the national level focused on public-private partnerships and information-sharing practices. However, we can expect a comparatively larger emphasis on regulation.
Washington Post indicates that the nation will leverage existing regulatory authorities where possible, then use Congress to address gaps. However, there’s no word yet about how and when the necessary implementation will happen. The coverage also clarified how members of Congress must work together to implement the strategy’s aims because the executive branch can only do so much. One cybersecurity expert quoted in the Post doubts seeing much progress in the coming year.
Bloomberg Law clarified that the strategy lacks regulatory teeth in its own right. However, the details within it could make other agencies act to change cybersecurity handling. One suggested possibility was that the Office of Management and Budget could issue more regulations to the entities under its influence. Another option is that the Cybersecurity and Infrastructure Security Agency might enforce binding operational directives affecting federal information systems.
The Washington Post’s assessment of the draft mentioned a shift in liability toward entities that create software with security flaws. The plan recognizes that even the most advanced software security efforts can’t stop all vulnerabilities; however, vendors must take reasonable steps to reduce risks.
Does the 2023 National Cybersecurity Strategy Target Hackers?
Coverage from Slate about the strategic cybersecurity program also suggests more robust defenses against hackers seeking to sacrifice national security. The FBI’s National Cyber Investigative Joint Task Force will systematically work with all relevant federal agencies to interfere with and take down hostile cybercriminal networks.
Moreover, private companies will play vital roles in the effort, too. Representatives from those entities will alert the appropriate bodies to potential or confirmed attacks. They’ll also help prevent cyber incidents. This is not the first emphasis on avoiding potential threats in the Biden presidency. A 2021 executive order involved investigating applications owned by foreign adversaries, notably TikTok and WeChat.
However, Biden’s strategy only extends to offensive actions against parties trying to infiltrate U.S. networks. Anyone expecting details on the nation’s defensive efforts in this regard will find them in a plan issued by the Pentagon, reportedly based on the Biden administration’s strategy.
There are 30 pages dealing with defenses against critical infrastructure in Biden’s cybersecurity strategy, though. It refers to parts of the economy deemed essential to modern society. The significant change in the new plan is that safeguarding these vital sectors becomes mandatory rather than voluntary. Perhaps the 2021 Colonial Pipeline attack, in which ransomware disrupted the supply of gasoline and jet fuel from Texas to the Southeastern side of America, acted as a wake-up call, but it’s not the first attack on infrastructure and it certainly won’t be the last.
But don’t expect uniform rules for all companies under the critical infrastructure umbrella. The Biden administration began scrutinizing each relevant industry more than a year before the 2023 cybersecurity strategy. That suggests each sector may need to follow different cybersecurity best practices depending on the most significant risks facing it.
What Does the Cybersecurity Strategy Mean for Companies?
Even with the release of the cybersecurity strategic plan, some things won’t change. Naturally, one of them is that companies must still encourage workers to stay safe online. When CGS published tips for keeping employees interested, it cited that 99 percent of workers prioritize convenience over keeping their workplaces safe. Engaging the workforce could become even more critical with the cybersecurity strategy.
An overview from Corporate Compliance Insights speculated that its implementation could result in private organizations setting similar standards to those imposed on government agencies or businesses in the critical infrastructure category. Regulations and audits could increase too, meaning an organization must verify it’s doing everything required and possible to prevent cyberattacks.
The analysis also warned how meeting the expectations outlined in the Biden administration’s plan will take a coordinated effort that includes government involvement. That suggests many companies will need to make substantial changes in cybersecurity handling. However, the best option is to confirm exactly what is requited from you before moving forward with implementation.
Beefing Up America’s Cybersecurity?
Cybersecurity is a fast-moving and ever-evolving industry. Many familiar with the Biden administration’s strategy see the content as suitable for online security overall. But only time will tell what its implementation looks like in practice, how long affected organizations have to comply, and what happens if they don’t.
When you get to see the cybersecurity strategy, you need to review it carefully and assess if your organization must do anything to align with the requirements.