In the United States, President Joe Biden has released a National Cybersecurity Strategy for a safe and secure digital ecosystem.
Proposed are five ‘pillars’: to ‘Defend Critical Infrastructure’; ‘Disrupt and Dismantle Threat Actors’; ‘Shape Market Forces to Drive Security and Resilience’; ‘Invest in a Resilient Future’; and ‘Forge International Partnerships to Pursue Shared Goals’.
In a foreword, President Biden that the world was at an ‘inflection point’, including our digital world. He said that the strategy recognised ‘robust collaboration’ between the public and private sectors was crucial; also, to take on ‘the systemic challenge that too much of the responsibility for cybersecurity has fallen on individual users and small organisations’. He also promised to collaborate with allies, hold countries accountable for ‘irresponsible behaviour’ in cyberspace, and ‘disrupt’ the networks of criminals behind dangerous cyber attacks.
For the 35-page document, visit the White House website.
Comments
Gary Barlet, Federal Field CTO, at Illumio said: “The Biden Administration’s national cybersecurity strategy is a step in the right direction toward making a real and lasting impact on building resilience throughout our critical infrastructure. However, having a ten-year strategy simply isn’t effective. We understand so little about technologies like quantum and AI today, it’s hard to imagine what the impact of technology will be on security in ten years. If we’ve learned anything the past few years it’s that breaches are inevitable, so it is essential that organisations, particularly critical infrastructure, reduce their risk to cyberattacks ASAP, not in ten years.”
And Julian Brownlow-Davies, VP of EMEA at the cyber firm Bishop Fox said: “Considering the overwhelming volume of ransomware attacks and other cyber threats globally, it is promising to see US policy introduced that pushes the tech industry to shoulder more of the load for cyber risk. This move from the White House is further indication that across the world, cyber strategy is tightening up. In the UK, for instance, DORA is going to have a huge impact on security and cyber resilience for the finance sector, and similarly to the Whitehouse strategy, will demand greater investment into reducing technical vulnerabilities for a resilient future.
“Yet ensuring its success means companies globally must prioritise more proactive, preventative measures of cyber defence. In the case of being prepared for ransomware, point-in-time pen testing cannot be treated like a box ticking exercise. The best protection will be an ‘offensive security’ approach, eg., defending forward, with red teams that continually scrutinise defences to ensure organisations stay so far ahead of hackers that the back-door to the network will be slammed shut, before they even knew it existed.”
Joshua Corman, VP of Cyber Safety Strategy at Claroty is a former chief strategist at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. He said: “The choice to put critical infrastructure at the forefront in Pillar 1 is an important and deliberate one. It’s crucial as the strategy is implemented, that we begin to finally stratify our critical infrastructure functions. I encourage Congress, the White House, CISA, and other parts of government to focus on the most critical of the 55 National Critical Functions—the lifeline, latency-sensitive functions that if disrupted for 24-48 hours could contribute to losses of life or a crisis of confidence in the public. These include: supply water, provide medical care, generate electricity, produce and provide food, etc. Many of the owners and operators of these lifeline functions happen to also be what I’ve called, “target rich, cyber poor”—meaning they are among the most attractive targets for threat actors, with the least amount of resources to protect themselves.”
