The Biden Administration announced its long-awaited National Cybersecurity Strategy this week, and it could be a game-changing document, in that it aims to put much more of the burden of responsibility for protecting U.S. citizens and critical infrastructure on the private sector providers and enablers of that infrastructure.
The 39-page document highlights two overarching goals: “We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us… [and] We must realign incentives to favor long-term investments by striking a careful balance between defending ourselves against urgent threats today and simultaneously strategically planning for and investing in a resilient future.”
That leaves a lot of room for interpretation regarding how such a fundamental shift in responsibility and protection requirements might be achieved. Aside from generally calling for more rigid cybersecurity standards and regulations for government and commercial organizations, the strategy document does not lay out many more concrete details, opting instead to designate five pillars around which all future work will revolve. Those pillars include the defense of critical infrastructure, the disrupting and dismantling of threat actors, the shaping of market forces to drive security and resilience, increased investment in a resilient future, and the forging of international partnerships to pursue shared goals.
Most initial reactions from the technology sector struck a positive note. For example, Amit Elazari, Head of Cybersecurity Policy, Intel, stated in the company’s IntelPolicy blog, “Under this Cybersecurity Strategy, the private sector would need to assume a broader role in enabling technological leadership workforce development, as well as championing private-public partnerships and adopting leading practices.:
Adding that Intel is committed to doing its part, she further stated “We approach this imperative with a Security-First mindset, building on our longstanding commitment to security and investments in our people, industry-leading processes and products, integrating a security by design approach with our products and culture. We relentlessly innovate to enable our ecosystem of partners, promoting secure computing architectures and faster transitioning to post-quantum cryptography. And we will continue to work with our broader ecosystem to implement leading practices and advance new frameworks and standards.”
Elazari concluded, “A resilient and secure supply chain starts with semiconductors. Intel looks forward to continuing to work with the Administration and our partners to advance this strategy and promote sound policy approaches to strengthen cybersecurity and protect technology and users around the world.”
While more internet, cloud, hardware, and software technology companies will face more responsibility for protecting infrastructure and users, the migration to a tougher cybersecurity environment also is likely to drive more investment in technology sectors like zero-trust networking, secure access service edge, post-quantum cryptography, cloud storage and back-up, and more.