National Cybersecurity Strategy published by the White House
Technology for Lawyers
Published: May 5, 2023
The Biden-Harris administration has published a five “pillar” cybersecurity strategy the looks to have data security as a built-in feature in every aspect of US business, government, and foreign relations.
Although there have been various agency regulations, a smattering of laws and suggestions through at least the last three administrations, this is the first comprehensive attempt to create an overview of what the country’s cybersecurity infrastructure should look like going forward.
Of course, there will be all kinds of pushback from all kinds of quarters, and this strategy is not binding until its various parts become law, but this will at least frame the conversation going forward.
Those five pillars are:
1. Defend Critical Infrastructure
2. Disrupt and Dismantle Threat Actors
3. Shape Market Forces to Drive Security and Resilience
4. Invest in a Resilient Future
5. Forge International Partnerships to Pursue Shared Goals
The strategy in general focuses on critical infrastructure (water, electricity, airlines, etc.) and on big tech to raise the level of their cybersecurity game.
Critical infrastructure may see new or updated cybersecurity requirements. In particular, the TSA actually has some regulatory power over this area and may step in with new regs. There is also a 2022 statute, the Cyber Incident Reporting for Critical Infrastructure Act, which is awaiting implementing rules from CISA.
In general, smaller tech companies and other small businesses are not the focus of the plan because they generally are not the locus of the biggest problems.
But, for instance, cloud service providers or large software developers are going to be held responsible for making sure that their products are secure under this plan.
The overall view is that the entirety of the internet is too large and diffuse for the government to provide its security, so that the private companies that profit the most will be the most responsible for its security. If it works, this plan would be the largest public-private partnership in modern times. It also creates connectivity among government agencies within the cybersecurity sphere.
There are and will be endless analyses of this plan. If you are interested, start googling. Also, a PDF of the entire document can be found here: https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf