The National Cybersecurity Strategy: Securing America's Digital Future

This March, the Biden-Harris Administration released the National Cybersecurity Strategy, which establishes the vision for the U.S.’ public and private cyber defense strategies. The strategy presents a vision aimed at better protecting our critical infrastructure from cyberthreats and “ensuring a safe and secure digital ecosystem for all Americans.” 

Central to the new strategy is the urgency to protect America’s critical infrastructure: the essential systems, assets, and services that are vital to the functioning of our society and economy, such as energy, transportation, health care, and finance. If these infrastructures are disrupted by natural disasters, accidents, or deliberate acts, there can be severe economic, social, and security consequences that adversely affect the nation’s well-being and stability. 

 

A Vision for a Secure Digital Ecosystem 

This comprehensive strategy establishes a vision for a more intentional and well-resourced approach to cyber defense. It is designed to reimagine cyberspace as a tool that reflects the nation's values, economic security, human rights, trust in democracy, and diversity. To achieve this, the White House is primarily working to shift responsibilities from the end user to the software vendors and service providers that are best positioned to defend against cyberthreats, which will be enforced and partly supported by the federal government. The strategy also moves from voluntary guidelines to enforced legislation. Ultimately, the strategy aims to use the entirety of the nation’s power to improve its cyber defenses. 

 

A Five Pillar Plan 

The Strategy is focused on achieving three core cyber-goals: creating easier, less expensive, and more effective defense tools and practices; limiting the breadth and depth of cyber incidents; and creating alignment between American values and life in the Information Age. Supporting these goals is the White House’s five pillar plan that, through coordinated collaboration and strategic resource investment, will help the U.S. secure its digital future. 

First, the strategy emphasizes expanding cybersecurity requirements for all critical infrastructure to ensure national security and public safety. Primarily, this includes shifting away from existing voluntary guidelines and toward mandatory regulations that will focus on both industry-wide and sector-specific legislation. How these regulations will be measured and enforced has yet to be defined, but this will be a crucial step to ensure compliance across industry and infrastructure sectors.  

Second, the U.S. aims to deploy all tools at its disposal to make malicious cyber actors incapable of threatening national security or public safety. This involves engaging the private sector and addressing the threat of ransomware through Federal guidance and international cooperation. 

Third, the Strategy attempts to move the responsibility of our shared cyber health away from the vulnerable – and often not-as-threat-aware end user – to those in the best position to protect it. This includes promoting privacy and secure development practices while ensuring Federal grant programs support secure and resilient infrastructure investments. 

Fourth, the Strategy calls for strategic investments and collaborative action to create secure and resilient innovative technologies and infrastructure. This involves reducing technical vulnerabilities, prioritizing cybersecurity research and development, and building a diverse and robust cyber workforce. 

Finally, the U.S. is seeking global cooperation where responsible behavior in cyberspace is expected and irresponsible behavior is isolated and costly. International partnerships will counter threats to the digital ecosystem, increase partners' cyber defense capacity, and promote secure global supply chains. 

 

Implications for Critical Infrastructure 

As the Strategy rolls out, it will be key for leaders in critical infrastructure to advocate for policies and regulations that align with what’s possible and practical for each industry. These voices will play an important role in ensuring that those enacting regulatory legislation understand their potential impact and drawbacks. 

To ensure compliance, leaders must also take intentional steps to coordinate activities across all parts of the organization. The Strategy serves as an important reminder about educating individuals at all levels of an organization about their role in cyber defense. Though many aren’t on the front lines, their actions – or inactions – could make their organization non-compliant and more vulnerable to attack. 

These changes will require modifications to private sector organization’s incident response plans. These updates will bolster efforts to share information and ensure responsibility of responses to threats and attack, particularly those on critical infrastructure that may require federal intervention. Those engaged in infrastructure-as-a-service, like Amazon Web Services and Google Cloud, will also face greater scrutiny in how, and how quickly, they respond to cyberattacks. 

 

A Resilient Digital Environment 

 
Cyber threats are constantly evolving and the creation of new attacks often outpace the establishment of any legislation. While it’s crucial to establish regulations that support a more coordinated national cyberstrategy, the Biden-Harris Administration also noted that foundational principles – like integrating security in the initial design of systems and ensuring systems can remain operational during interruptions – must be established to deal with the rapidly changing cyber environment. 

With the National Cybersecurity Strategy, the White House is taking a proactive approach to safeguard America's digital ecosystem. By prioritizing critical infrastructure defense, disrupting threat actors, shaping market forces, investing in resilience, and forging international partnerships, the United States aims to create a trustworthy, defensible, and resilient digital environment. The journey towards a secure digital future has already begun, and with continued coordination and collaboration, we can protect our nation from the evolving cyber threats of the 21st century. 
 
Capitol Technology University’s degree programs Critical Infrastructure, Cyberpsychology, and Cyber & Information Security can prepare you to protect America’s critical infrastructure and create a more secure digital future. 

For more information, visit the Capitol website or contact our Admissions team at admissions@captechu.edu.