21 March 2024

THE BIDEN ADMINISTRATION’S NATIONAL CYBERSECURITY STRATEGY: OPPORTUNITIES & CHALLENGES

NIRANJAN SHANKAR

Introduction

In March 2023, the Biden administration published its National Cybersecurity Strategy (NCS),1 which outlines how the executive branch will take on the proliferating threats facing the American digital landscape. The strategy, which consists of five pillars — Defend Critical Infrastructure, Disrupt and Dismantle Threat Actors, Shape Market Forces to Drive Security and Resilience, Invest in a Resilient Future, and Forge International Partnerships to Pursue Shared Goals — has been widely praised2 for its embrace of an aggressive posture in cyberspace, calls for more regulations across critical infrastructure sectors, and advocacy for software liability reform.3 Others, however, are skeptical4 that its ambitions are achievable given the controversy over, and anticipated pushback against, some of its proposals and other implementation challenges.

Indeed, while the NCS is bold, expansive, and imaginative, it does leave many unanswered questions regarding the specific steps the administration will take to realize its vision for cyberspace. Though the July 2023 Implementation Plan5 names specific initiatives for each pillar and assigns a federal agency6 to lead and complete each of them by a target date, the White House still seems to have overlooked some critical issues — relating to data privacy and protection, migration to zero-trust architecture (ZTA), and digital infrastructure investment in the developing world, just to name a few — that it will need to address to foster a resilient digital ecosystem at home and abroad. The Biden administration also appears to be prone to repeating the same mistakes in the cyber domain that it has made in its overarching foreign policy.

Thus, for the strategy’s promising and ambitious agenda to succeed, the Biden administration will need to be more nuanced and realistic about how it will pursue the objectives it has laid out. The White House also must start accounting for other ambiguities and gray areas that both the NCS and Implementation Plan have either de-emphasized or omitted altogether. Finally, to secure American interests in international cyberspace, Washington needs to incorporate its technology initiatives8 effectively into its broader foreign policy frameworks9 and reconsider some of its approaches to cyber diplomacy.

What the National Cybersecurity Strategy Gets Right

To its credit, the National Cybersecurity Strategy highlights numerous important security priorities for Washington to tackle in the digital arena. Many of these efforts will build upon and complement President Joe Biden’s previous executive orders10 and directives, as well as policies and frameworks12 that were established under the Trump and Obama administrations.

A Multistakeholder Model for Cooperation with the Private Sector and International Partners

Firstly, the document rightly underscores the significance of collaboration for achieving its goals. At the domestic level, this entails integrating federal cybersecurity centers and disruption campaigns as well as expanding defense and security coordination and intelligence sharing between the public and private sectors. This latter objective will be facilitated by the Cybersecurity and Infrastructure Security Agency (CISA)13 and other sector-specific entities such as Sector Risk Management Agencies (SRMAs) and Information Sharing Analysis Organizations and Centers (ISAOs and ISACs). Given that leading technology companies own and maintain much of the infrastructure14 upon which computer networks around the world are built, these public and private sector synergies will be crucial for gaining invaluable insights into adversarial activity in cyberspace.

On the global stage, the White House seeks to strengthen ties with its partners around the world and leverage international institutions to confront America’s foreign adversaries, safeguard global digital commerce and supply chains, and enforce norms of responsible state behavior in cyberspace. The Biden administration also lists civil society organizations, nonprofits,15 and local and regional entities as key partners in the fight against malicious cyber activity, reaffirming Washington’s commitment to promoting a multistakeholder model of Internet governance.

Transitioning from Legacy Systems to Zero-Trust Architecture and Investing in Critical and Emerging Technologies

Modernizing federal software and equipment and upgrading security architectures are other noteworthy goals set forth by the NCS. Building on Executive Order 14028,17 Memorandum 22-09,18 and recommendations by the National Institute of Standards and Technology (NIST),19 the Biden administration will work to expedite the federal government’s shift20 toward ZTA, a security model in which no user or communication within a network is trusted, and access permissions are restricted to the “least privileges”21 necessary to perform a given function. The administration will also assist federal agencies with replacing legacy systems and migrating on-premises workloads to the cloud.

Relatedly, the strategy appreciates that boosting R&D investments in cybersecurity, artificial intelligence (AI) (also emphasized in President Joe Biden’s recent executive order22 on the safe and secure development of AI), quantum computing, green energy, and biotechnology, along with fostering a stronger and more versatile cyber workforce,23 will be vital for nurturing cybersecurity expertise and preserving American global leadership in critical technologies.
