Editor’s Note: The Biden-Harris Administration has released the National Cybersecurity Strategy to secure a safe and secure digital ecosystem for Americans. This strategy seeks to make fundamental shifts in the allocation of roles, responsibilities, and resources in cyberspace, realign incentives to favor long-term investments, and defend against urgent threats while investing in a resilient future. It recognizes the government’s role in using all national power tools to protect national security, public safety, and economic prosperity. The strategy also seeks to enhance collaboration around five pillars: Defend Critical Infrastructure, Disrupt and Dismantle Threat Actors, Shape Market Forces to Drive Security and Resilience, Invest in a Resilient Future, and Forge International Partnerships to Pursue Shared Goals. Cybersecurity, information governance, and eDiscovery professionals should be aware of the strategy and its implementation to ensure the security and protection of their data and digital ecosystem.


Fact Sheet and Strategy*

Biden-⁠Harris Administration Announces National Cybersecurity Strategy

The White House

Today, the Biden-Harris Administration released the National Cybersecurity Strategy to secure the full benefits of a safe and secure digital ecosystem for all Americans. In this decisive decade, the United States will reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and diverse society. To realize this vision, we must make fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace.

  1. We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us.
  2. We must realign incentives to favor long-term investments by striking a careful balance between defending ourselves against urgent threats today and simultaneously strategically planning for and investing in a resilient future.

The Strategy recognizes that government must use all tools of national power in a coordinated manner to protect our national security, public safety, and economic prosperity.

VISION

Our rapidly evolving world demands a more intentional, more coordinated, and more well-resourced approach to cyber defense. We face a complex threat environment, with state and non-state actors developing and executing novel campaigns to threaten our interests. At the same time, next-generation technologies are reaching maturity at an accelerating pace, creating new pathways for innovation while increasing digital interdependencies.

This Strategy sets out a path to address these threats and secure the promise of our digital future. Its implementation will protect our investments in rebuilding America’s infrastructure, developing our clean energy sector, and re-shoring America’s technology and manufacturing base. Together with our allies and partners, the United States will make our digital ecosystem:

  • Defensible, where cyber defense is overwhelmingly easier, cheaper, and more effective;
  • Resilient, where cyber incidents and errors have little widespread or lasting impact; and,
  • Values-aligned, where our most cherished values shape—and are in turn reinforced by— our digital world.

The Administration has already taken steps to secure cyberspace and our digital ecosystem, including the National Security Strategy, Executive Order 14028 (Improving the Nation’s Cybersecurity), National Security Memorandum 5 (Improving Cybersecurity for Critical Infrastructure Control Systems), M-22-09 (Moving the U.S. Government Toward Zero-Trust Cybersecurity Principles), and National Security Memorandum 10 (Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems). Expanding on these efforts, the Strategy recognizes that cyberspace does not exist for its own end but as a tool to pursue our highest aspirations.

APPROACH

This Strategy seeks to build and enhance collaboration around five pillars:

1. Defend Critical Infrastructure – We will give the American people confidence in the availability and resilience of our critical infrastructure and the essential services it provides, including by:

  • Expanding the use of minimum cybersecurity requirements in critical sectors to ensure national security and public safety and harmonizing regulations to reduce the burden of compliance;
  • Enabling public-private collaboration at the speed and scale necessary to defend critical infrastructure and essential services; and,
  • Defending and modernizing Federal networks and updating Federal incident response policy

2. Disrupt and Dismantle Threat Actors – Using all instruments of national power, we will make malicious cyber actors incapable of threatening the national security or public safety of the United States, including by:

  • Strategically employing all tools of national power to disrupt adversaries;
  • Engaging the private sector in disruption activities through scalable mechanisms; and,
  • Addressing the ransomware threat through a comprehensive Federal approach and in lockstep with our international partners.

3. Shape Market Forces to Drive Security and Resilience – We will place responsibility on those within our digital ecosystem that are best positioned to reduce risk and shift the consequences of poor cybersecurity away from the most vulnerable in order to make our digital ecosystem more trustworthy, including by:

  • Promoting privacy and the security of personal data;
  • Shifting liability for software products and services to promote secure development practices; and,
  • Ensuring that Federal grant programs promote investments in new infrastructure that are secure and resilient.

4. Invest in a Resilient Future – Through strategic investments and coordinated, collaborative action, the United States will continue to lead the world in the innovation of secure and resilient next-generation technologies and infrastructure, including by:

  • Reducing systemic technical vulnerabilities in the foundation of the Internet and across the digital ecosystem while making it more resilient against transnational digital repression;
  • Prioritizing cybersecurity R&D for next-generation technologies such as postquantum encryption, digital identity solutions, and clean energy infrastructure; and,
  •  Developing a diverse and robust national cyber workforce

5. Forge International Partnerships to Pursue Shared Goals – The United States seeks a world where responsible state behavior in cyberspace is expected and reinforced and where irresponsible behavior is isolating and costly, including by:

  • Leveraging international coalitions and partnerships among like-minded nations to counter threats to our digital ecosystem through joint preparedness, response, and cost imposition;
  • Increasing the capacity of our partners to defend themselves against cyber threats, both in peacetime and in crisis; and,
  • Working with our allies and partners to make secure, reliable, and trustworthy global supply chains for information and communications technology and operational technology products and services.

Coordinated by the Office of the National Cyber Director, the Administration’s implementation of this Strategy is already underway.

Read the original announcement.


Complete Report: National Cybersecurity Strategy – March 2023  (PDF) Mouseover to Scroll

National Cybersecurity Strategy 2023


*Shared with permission.

Additional Reading

Source: ComplexDiscovery

The post Rebalancing Responsibility? Biden Administration Announces National Cybersecurity Strategy appeared first on ComplexDiscovery.