The White House has published a plan for the implementation of the US National Cybersecurity Strategy, which was introduced in March 2023.
The National Cybersecurity Strategy Implementation Plan (NCSIP), published on July 13, 2023, is designed to ensure transparency and coordination among US federal government agencies in realizing the vision set out in the strategy. This vision is for a fundamental shift in how the US allocates roles, responsibilities and resources in cyberspace, and increasing incentives for long-term investments into cybersecurity.
The NCSIP details over 65 “high-impact” federal initiatives to achieve the aims of the National Cybersecurity Strategy, each of which is assigned to a responsible agency and has a timeline for completion. These encompass tasks such as proposing new legislation and modernizing technology systems.
The initiatives are based around five pillars:
- Defending Critical Infrastructure: This includes the Cybersecurity and Infrastructure Security Agency (CISA) leading a process to update the National Cyber Incident Response Plan to ensure the government acts in a coordinated manner during a cyber incident.
- Disrupting and Dismantling Threat Actors: Among the initiatives in this pillar, the FBI is expected to strengthen the capacity of the National Cyber Investigative Joint Task Force (NCIJTF) to coordinate takedown and disruption campaigns with greater speed, scale and frequency.
- Shaping Market Forces to Drive Security and Resilience: A key element here is CISA working with stakeholders to advance software bill of materials (SBOM), reducing gaps in scale and implementation.
- Investing in a Resilient Future: This includes the National Institute of Standards and Technology (NIST) completing standardization of one or more quantum-resistant public key cryptographic algorithms.
- Forging International Partnerships to Pursue Shared Goals: One of the initiatives in this pillar is for the Department of State to publish an International Cyberspace and Digital Policy Strategy that incorporates bilateral and multilateral activities.
The Biden-Harris Administration added that this is the first iteration of the implementation plan, “which is a living document that will be updated annually.”
The Office of the National Cyber Director (ONCD) is responsible for coordinating the activities under the plan and will provide an annual report to the President and Congress on the status of implementation.
The White House commented: “The Administration looks forward to implementing this plan in continued collaboration with the private sector, civil society, international partners, Congress, and state, local, Tribal and territorial governments.”
Earlier this week, Microsoft revealed it had discovered a Chinese cyber-espionage campaign that compromised at least 25 organizations including the US government.