The White House has published a plan for the implementation of the US National Cybersecurity Strategy (NCSIP), being introduced in March of this year. The NCSIP, published Thursday, was designed to ensure transparency and coordination among US federal government agencies in realizing the vision set out in the strategy. This vision is for a fundamental shift in how the US allocates roles, responsibilities and resources in cyberspace and increases incentives for long-term investments in cybersecurity.
The NCSIP details more than 65 “high-impact” federal initiatives to achieve the goals of the National Cybersecurity Strategy, each of which is assigned to a responsible agency and has a timeline for completion. These cover tasks such as proposing new legislation and modernizing technology systems.
The initiatives are based on five pillars:
- Defend critical infrastructure: includes the Cybersecurity and Infrastructure Security Agency (CISA) leading a process to update the National Cyber Incident Response Plan to ensure that the government takes coordinated action during a cyber incident.
- Disruption and Dismantle of Threat Operators: Among initiatives under this pillar, the FBI is expected to strengthen the ability of the Joint National Cyber Investigative Task Force (NCIJTF) to coordinate takedown and disruption campaigns with greater speed, scale, and frequency.
- Shaping market forces to drive security and resiliency: A key element here is CISA's work with stakeholders to advance the software bill of materials (SBOM) by closing gaps in scale and implementation.
- Invest in a resilient future: This includes the National Institute of Standards and Technology (NIST) completing the standardization of one or more public-key cryptographic algorithms resistant to quantum computing.
- Forge international partnerships to pursue common goals: One of the initiatives under this pillar is for the Department of State to publish an International Cyberspace and Digital Policy Strategy that incorporates bilateral and multilateral activities.
The Biden administration added that this is the first iteration of the implementation plan, "which is a living document that will be updated annually." The Office of the National Cyber Director (ONCD) will be responsible for coordinating the activities of the plan and will provide an annual report to the President of the Republic and the National Congress on the progress of implementation.
"The Administration looks forward to implementing this plan in continued collaboration with the private sector, civil society, international partners, Congress, and state, local, tribal, and territorial governments," the White House commented. Earlier this week, Microsoft revealed it had uncovered a Chinese cyber-espionage campaign that compromised at least 25 organizations, including the US government. With international news agencies.
