The Biden Administration has unveiled its National Cybersecurity Strategy Implementation Plan (NCSIP), a detailed roadmap outlining over 65 initiatives aimed at strengthening cybersecurity across various federal agencies. The plan encompasses a range of objectives, including bolstering critical infrastructure defense, establishing liability for software products and services, and disrupting threat actor operations.
### The Urgency and Funding Concerns
Security professionals have praised the NCSIP for its aggressive deadlines, which they believe convey a sense of urgency. However, concerns about the plan’s success without proper funding and bipartisan support in Congress have also been raised. Some experts point out that although the implementation plan calls for the elimination of legacy systems, funding for the Technology Modernization Fund (TMF) has not been forthcoming. The proposed budget for FY 2024 requested a mere $200 million for the TMF, but the House appropriations bill has completely eliminated that funding.
Robert DuPree, manager of government affairs at Telos, commented on the financial challenges the implementation plan may face, stating, “If no new funding is provided, the Administration is going to need to find a new way forward in its multi-year plan.”
### A “Living Document” and Objectives of the Strategy
The NCSIP’s executive summary describes the released version as the first iteration of the implementation plan and emphasizes that it is a “living document” that will be updated annually. President Biden has deemed this strategy essential to ensuring that all stakeholders, including critical infrastructure sectors, software vendors, and service providers, take an active role in cybersecurity.
The objectives of the cyber strategy are categorized under five pillars:
1. Defend Critical Infrastructure
2. Disrupt and Dismantle Threat Actors
3. Shape Market Forces to Drive Security and Resilience
4. Invest in a Resilient Future
5. Forge International Partnerships
The plan provides high-level plans and initiatives for each of these objectives. For instance, plans for bolstering critical infrastructure defense involve establishing new cybersecurity requirements, scaling public-private partnerships, and enhancing federal incident response plans. The strategy for dismantling threat actors includes integrating federal disruption activities and increasing threat intelligence sharing.
### Challenges and Obstacles
While the NCSIP has garnered praise for its objectives and initiatives, there are concerns about its implementation. Karen Walsh, a cybersecurity compliance expert at Allegro Solutions, highlights a lack of coordinated enforcement and control by individual sector-specific agencies as a problem with the plan. She questions whether creating the necessary legal and regulatory framework for enforcement can be achieved in the current divisive political climate.
Moreover, Walsh considers the timeline ambitious for creating software liability frameworks, which is set at two to three years. She notes the complexity of the task and the additional time required for regulatory agencies to exercise enforcement power and engage in rulemaking.
Mike Hamilton, CISO at Critical Insight, views the NCSIP as a step forward in improving critical infrastructure security and efforts to disrupt threat actors. He believes that expanding the national cyber incident response plan beyond the critical infrastructure sector is a positive move, potentially enlisting practitioners from the private sector as national-level responders. Credentialing and indemnification would need to be addressed to facilitate this.
Additionally, the plan assigns a role for the Cybersecurity and Infrastructure Security Agency (CISA) in providing cybersecurity training and incident response for the healthcare sector, a prime target of ransomware attacks. This strong federal presence in incident response may deter ransomware operators from targeting hospitals.
### Looking Ahead
The release of the National Cybersecurity Strategy Implementation Plan by the Biden Administration marks a significant step toward enhancing cybersecurity and protecting critical infrastructure. However, challenges such as funding, bipartisan support, and coordinated enforcement need to be addressed for the plan’s successful implementation. The timeline for creating liability frameworks and the involvement of regulatory agencies also pose potential obstacles.
As the threat landscape continues to evolve, it is crucial for stakeholders to align their efforts and invest in long-term security, resilience, and promising technologies. Collaboration between the government, private sector, and international partners will be vital in combating cyber threats effectively.
Given the increasing frequency of high-profile cyberattacks and the impact they have on both public and private entities, it is imperative for policymakers and lawmakers to prioritize cybersecurity, provide adequate funding, and ensure a supportive legislative environment. Only with robust investments, bipartisan support, and comprehensive strategies can the United States strengthen its cybersecurity posture and protect against emerging threats.
<< photo by cottonbro studio >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- Secure Code Warrior Raises $50M to Revolutionize Software Security Education
- The Rise of Secure Code Warrior: Empowering Developers for a More Secure Future
- The Phishing Playground: How Facebook and Microsoft Became Prime Targets for Impersonation
- Cybersecurity Strategy in Action: Examining the White House’s Implementation Plan
- The Risks and Responsibilities of AI: Civil Society and Labor Groups Speak Out at White House Meeting
- “Critical Calls for the White House: Swift Nomination of National Cyber Director Needed”
