White House fills in details of National Cybersecurity Strategy

Fresh from the federal policy mill, the Biden Administration’s 57-page National Cybersecurity Strategy Implementation Plan (NCSIP) describes more than 65 initiatives that various federal agencies will implement during the next several years. These include strengthening US critical infrastructure against cyber threats, establishing enforceable liability for software products and services, and devising more effective ways to disrupt and disable threat-actor operations and their infrastructure.

An Implementation Roadmap

Several security professionals this week perceived the NCSIP as important for Biden’s cybersecurity strategy to move forward and said its relatively aggressive deadlines convey the right sense urgency to stakeholders. But some wondered — as they have previously — about how it would succeed without adequate funding and bipartisan support in Congress.

“This roadmap to implement the Cybersecurity Strategy continues to point in the right direction, but there are some financial potholes,” said Robert DuPree, manager of government affairs at Telos, in an emailed comment. For instance, while the implementation plan calls on federal agencies to eliminate legacy systems, funding for the Technology Modernization Fund (TMF), which was approved in 2017, has not been forthcoming, he said. The proposed budget for FY 2024 requested a paltry $200 million for the TMF, but the House appropriations bill has zeroed out even that funding. “If no new funding is provided, the Administration is going to need to find a new way forward in its multi-year plan,” DuPree added.

The NCSIP’s executive summary described the version of the document, released this week, as the first iteration of the implementation plan and called it a “living document” that will be updated on an annual basis. “Initiatives will be added as the evolving cyber landscape demands and removed after completion,” the summary noted.

Biden in March called the strategy essential to ensuring all stakeholders — including critical infrastructure sectors, software vendors, and service providers — take an active role in protecting against cyber threats. “We will rebalance the responsibility for cybersecurity to be more effective and more equitable,” Biden had noted. “We will realign incentives to favor long-term investments in security, resilience, and promising new technologies.”

The objectives of the cyber strategy are grouped under five separate pillars: Defend Critical Infrastructure; Disrupt and Dismantle Threat Actors; Shape Market Forces to Drive Security and Resilience; Invest in a Resilient Future; and Forge International Partnerships. This week’s document provides high-level plans and initiatives for meeting these objectives.

To read the complete article, visit Dark Reading.