The recent publication of our National Cybersecurity Strategy illustrates a strong desire by the federal government to improve our digital ecosystem and a determination to succeed for the safety and benefit of all Americans.
It remains to be seen if the implementation and execution of the new Strategy can be carried out efficiently and effectively, but the Strategy seeks to build and enhance collaboration around five key pillars: defend critical infrastructure, disrupt and dismantle threat actors, shape market forces to drive security and resilience, invest in a resilient future, and forge international partnerships to pursue shared goals.
Defend Critical Infrastructure
To meet the goals of this pillar, the Strategy will require a complete unity of effort and coalescence of all critical infrastructure sectors, including associated stakeholders, for the common goals of prevention, detection and protection. Effective communication among everyone involved should be the hallmark of these groups in order to successfully work together. Considering the importance and enormity of the task, this will require effort. It goes without saying, but given the times sensitive and/or classified information will need protection from adversaries.
Disrupt and Dismantle Threat Actors
This new Strategy assumes that the combined efforts of our critical infrastructure sectors, federal, state, and local law enforcement, along with intelligence agencies and counterintelligence experts can work effectively together. This assumption, in my view, is the most difficult segment of Strategy execution because institutions at all levels tend to be parochial, naturally causing each of the working parts to be guarded or in some cases divided. Precise and focused coordination are needed to overcome these concerns.
Shape Market Forces to Drive Security and Resilience
Foreign malign governments and actors are plentiful. No surprise there. Many recent examples exist to illustrate occasions when poor or inadequate cybersecurity practices have led to vulnerabilities resulting in intellectual property theft, shutdowns in certain critical infrastructure services, and the theft of privacy information. Certainly the goal of this new Strategy is to shore up the security of our programs, systems, and institutions. One recommendation I can make as a way to accomplish this goal is to consider the implementation of redundancies that limit or prevent the interruption of critical services. No system or combination of safeguards are perfect. Consider the addition of secondary or supplemental systems, mutual aid capabilities, and emergency capacities to lessen the impact of any attack.
Invest in a Resilient Future
Continuity of operations is paramount for every organization, whether government, critical infrastructure, or a private business. As the pillar description states, “R&D for next-generation technologies such as postquantum encryption, digital identity solutions, and clean energy infrastructure” are a priority. Each year, our colleges and universities graduate some of the brightest engineers and cybersecurity talent available. Partnering with higher education and the resulting talent pools they produce can, in my view, discover and accelerate emerging technologies. This resource can intensify our research and development capabilities and ultimately enhance resilience.
Provided that all aspects of this new Strategy come together, and assuming that all the relevant stakeholders “lean in” on the pillars identified, there is no reason for this cybersecurity blueprint and action plan not to work.