The new National Cyber Strategy will make federal departments and agencies “more effectively execute their missions to make America cyber secure,” President Trump said in a statement Thursday.
The White House said priorities of the strategy are “securing federal networks and information and our nation’s critical infrastructure,” “combating cybercrime and improving incident reporting,” “protecting American ingenuity from threats such as intellectual property theft,” “developing a superior cybersecurity workforce through education and recruitment,” “promoting responsible behavior among nation states,” “launching an international Cyber Deterrence Initiative,” and “exposing and countering online malign influence and information campaigns.”
National Security Advisor John Bolton told reporters Thursday that there’s a classified aspect to the strategy that he couldn’t discuss. “The strategy takes effect today. Agencies will execute their missions informed by its guidance, and National Security Council staff will coordinate its implementation,” he said.
“For any nation that’s taking cyber activity against the United States, they should expect — and this is part of creating structures of deterrence, so that it’s publicly known as well — we will respond offensively as well as defensively,” Bolton said. “And beyond that, I’m just not going to go at this point.”
Bolton stressed that “the fact is that the cyber threat is government-wide, and so there’s no doubt there are a large number of government agencies involved.”
“And each has their responsibility. That’s one reason why writing a strategy like this, which was and should be coordinated with all the agencies involved, takes some time to do,” he said. “But I’m satisfied that this allows us the comprehensive look at strategy across the entire government. Each agency knows its lane and is pursuing it vigorously. That’s true in the unclassified world, and it’s true in the classified world as well. It’s the function of the National Security Council process and the staff to make sure, now, that this policy is implemented. And that’s what we’ll be doing.”
There isn’t one lead coordinating agency for the strategy, like the biodefense strategy being led by Health and Human Services.
“DHS has a huge role in this, in preserving and protecting information technology systems in many other areas. The military and intelligence government systems are protected in their own realms,” Bolton said. “And it was in that context that we determined there would not be one lead agency because so many are involved.”
DHS Secretary Kirstjen Nielsen said in a statement that “the critical infrastructure that Americans rely on is threatened every day by nation-states, cyber criminals and hackers seeking to wreak havoc, disrupt commerce, and even undermine our democratic institutions” and the new strategy “strengthens the government’s commitment to work in partnership with industry to combat those threats and secure our critical infrastructure.”
“The strategy also identifies several important steps which will further enable DHS to successfully combat cybercrime. Transnational criminal groups are employing increasingly sophisticated digital tools and techniques to enable their illegal activities online, and the strategy calls for DHS and the broader law enforcement community to continue to develop new and more effective legal tools to investigate and prosecute these criminal actors. It also notes the need for electronic surveillance and computer crime laws to be updated to keep pace with the rapidly evolving environment,” Nielsen said.
“Cybersecurity is a shared responsibility, and the Department of Homeland Security will continue to stand with our partners, in government and industry, to raise our collective defense against cyber threats to our security, prosperity, and way of life,” she added.