Implementing the White House’s Cybersecurity Strategy: 6 Key Strategies for Industry Success and Cybersecurity Compliance
Cyber Strategy for America: A New Milestone in Cybersecurity
The recent release of the Cyber Strategy for America marks a significant milestone in the nation’s efforts to bolster its cybersecurity posture. The strategy outlines six key priority areas that reflect the current threat landscape, and its success will depend on the ability of government agencies, technology providers, and critical infrastructure operators to work together to implement practical solutions.
Shaping Adversary Behavior
One crucial step is to shape adversary behavior by increasing the costs associated with launching attacks. The software industry can play a key role in this effort by eliminating passwords, which have long been a weak link in cybersecurity. Despite being identified as a top threat by The SANS Institute over 30 years ago, weak passwords remain a major vulnerability, with four out of five breaches in 2024 attributed to this issue. By defaulting to stronger authentication methods, such as multi-factor authentication, software and cloud vendors can make it more difficult for attackers to succeed.
Promoting Common-Sense Regulation
Another important area of focus is promoting common-sense regulation. The current patchwork of standards and regulations creates complexity and increases costs for industry and government alike. For example, the FedRAMP program has made significant progress in automating cloud security compliance using the Open Security Controls Assessment Language (OSCAL), while the Department of War has created separate standards for its Non-classified Internet Protocol Router Network (NIPRNet). By streamlining and harmonizing these standards, the government can reduce the burden on industry and accelerate the adoption of secure cloud solutions.
Modernizing and Securing Federal Government Networks
Modernizing and securing federal government networks is also critical. The Cybersecurity Maturity Model Certification (CMMC) has been a positive step in this direction, but more needs to be done to ensure that contractors and suppliers are held accountable for their cybersecurity practices. By enforcing contractor accountability, the government can reduce its reliance on government-furnished equipment (GFE) and focus on securing its own systems and employees.
Securing Critical Infrastructure
Securing critical infrastructure is another key priority. While the term “critical infrastructure” can be nebulous, there are clear similarities between different sectors. Financial and telecommunications companies, for example, are already subject to federal legislation and industry self-regulation, and tend to have higher security and privacy standards. By focusing on the most critical and vulnerable sectors, such as water utilities and hospitals, the government can make a meaningful impact on the security of critical infrastructure.
Sustaining Superiority in Critical and Emerging Technologies
Sustaining superiority in critical and emerging technologies is also essential. As the use of artificial intelligence (AI) continues to grow, organizations need to ensure that they have the necessary infrastructure and safeguards in place to mitigate the associated risks. This includes creating soft and hard guardrails, providing training and enablement, and protecting personal and organizational data.
Building Talent and Capacity
Finally, building talent and capacity is crucial to addressing the cybersecurity challenges facing the nation. While the “half a million unfilled cyber roles” narrative may be overstated, t
