US administration updates National Cybersecurity Strategy Implementation Plan to meet growing challenges
The U.S. administration released on Tuesday the updated National Cybersecurity Strategy Implementation Plan (NCSIP) Version 2, outlining 100 high-impact initiatives to enhance digital security and systemic resilience. These initiatives build upon the previous NCSIP and align with the objectives of the National Cybersecurity Strategy. The roadmap reflects the challenges and opportunities identified in the 2024 Report on the Cybersecurity Posture of the nation.
New initiatives are included under each of the five pillars outlined in the President’s National Cybersecurity Strategy, which has sought to build and enhance collaboration around five pillars – Defend Critical Infrastructure, Disrupt and Dismantle Threat Actors, Shape Market Forces to Drive Security and Resilience, Invest in a Resilient Future, and Forge International Partnerships to Pursue Shared Goals. Among various actions, the initiatives include aligning cyber regulations, advocating for the creation of ‘secure-by-design and secure-by-default’ technology, setting cybersecurity requirements across critical infrastructure sectors, and combating ransomware criminals.
The second NCSIP document includes 31 new initiatives and sees six agencies leading initiatives for the first time. It builds upon the work from NCSIP Version 1, with 33 of 36 initiatives (92 percent) in the first NCSIP with a completion date on or before the second quarter of fiscal year 2024 have been completed. The remaining three initiatives remain in progress. Furthermore, the next phase of the NCSIP follows the progress to date and displays the Administration’s commitment to transparency and accountability as the National Cybersecurity Strategy is implemented.
NCSIP Version 2 also laid down implementation-wide initiatives. In the initial description, the ONCD will assess the effectiveness of this strategy, associated policy, and follow-on actions and provide the first annual report to the President, the Assistant to the President for National Security Affairs, and Congress.
ONCD, in coordination with NSC staff, OMB, and departments and agencies, will assess the effectiveness of this strategy and report annually to the President, the Assistant to the President for National Security Affairs, and Congress on the effectiveness of this strategy, associated policy, and follow-on actions in achieving its goals. The completion date is the third quarter of the financial year 2024.
The administration also identified that the NCSIP is a living document that will be updated annually. It is published to define a path for cybersecurity coordination and promote transparency. ONCD will continue to coordinate the implementation of President Joe Biden’s National Cybersecurity Strategy, and partner with the Office of Management and Budget (OMB) to ensure funding proposals in the President’s Budget Request are aligned with NCSIP initiatives through the issuance of an annual Administration Cybersecurity Priorities memorandum.
NCSIP Version 2 said that close collaboration with the private sector; civil society; state, local, tribal, and territorial governments; international partners; and Congress remains essential. Agencies will continue working with interested stakeholders to implement the initiatives of this plan and build new partnerships where possible. The Administration will continue to seek Implementation Plan initiatives based on stakeholder feedback, completion of initiatives, and assessments of their effectiveness for future versions of the Implementation Plan.
When it comes to defending critical infrastructure, the NCSIP Version 2 identified that boosting the security and resilience of critical infrastructure and essential services through the Cybersecurity and Infrastructure Security Agency (CISA) and federal agencies that serve as Sector Risk Management Agencies (SRMAs), are better enabling public-private collaboration with critical infrastructure owners and operators across the U.S. at scale.
The move includes work to increase cybersecurity in the healthcare and public health sector by strengthening cyber resilience for hospitals and communities and through identifying Healthcare and Public Health Sector-specific Cybersecurity Performance Goals increasing patient safety.
It also sought to establish an ‘Education Facilities Sub-sector Government Coordinating Council’ to enhance cybersecurity best practices in education facilities with state, local, tribal, and territorial entities. Additionally, it promotes the adoption of cybersecurity best practices in the water and wastewater systems sector to assist utilities in preventing, detecting, responding to, and recovering from cyber incidents.
Working on disrupting and dismantling hackers, the NCSIP Version 2 will leverage all instruments of national power to make it harder for malicious actors to mount sustained cyber-enabled campaigns that would threaten the national security or public safety of the American people by strengthening collaboration between federal, state, local, tribal and territorial law enforcement, private sector, and international partners to develop a whole-of-society approach and prevent, deter, and disrupt cybercrime and cyber-enabled crime committed by juvenile offenders, consistent with the recommendations from the Cyber Safety Review Board’s review of the attacks associated with Lapsus$ and related threat group reports.
The NCSIP Version 2 aims to shape market forces by assigning responsibility to entities capable of risk reduction and enhancing the digital ecosystem’s trustworthiness. Building on the National Security Council’s initiative, a cybersecurity labeling program for smart devices has been introduced to safeguard American consumers, known as the ‘U.S. Cyber Trust Mark.’
In March, the Federal Communications Commission (FCC) finalized an order to create a voluntary cybersecurity labeling program for wireless consumer Internet of Things (IoT) products. This program will help consumers make more informed purchasing decisions, differentiate trustworthy products in the marketplace, and create incentives for manufacturers to meet higher cybersecurity standards.
Additionally, with funding from President Biden’s Bipartisan Infrastructure Law, mobilizing teams from national laboratories to research and develop cybersecurity labeling for energy products.
When it comes to building a resilient future, NCSIP Version 2 aims to position itself as a global leader in securing next-generation technologies and infrastructure. This will be achieved through strategic investments and coordinated efforts, implementing the National Cyber Workforce and Education Strategy. The Office of the National Cyber Director (ONCD) is working across the Federal Government to build up the national cyber workforce, increase its diversity, promote skills-based hiring, and expand access to cyber education and training that will accelerate opportunities for Americans nationwide seeking good-paying, middle-class jobs in cyber.
The updated NCSIP document emphasizes the importance of forging international partnerships to achieve common objectives. It aims to establish a world where international standards promoting security are embraced, enhancing supply chain resilience.
Through investments from the National Telecommunications and Information Administration’s Public Wireless Supply Chain Innovation Fund, totaling over $140 million from a $1.5 billion fund, the initiative seeks to develop open, interoperable, standards-based networks. These investments are intended to drive competition, bolster global supply chain resilience, and reduce costs for consumers and network operators.
Recently, the White House announced that President Biden has signed a National Security Memorandum (NSM) to secure and enhance the resilience of the nation’s critical infrastructure sector. The NSM-22 intends to refine and clarify the roles and responsibilities of the federal government for critical infrastructure security, resilience, and risk management while working on identifying and prioritizing critical infrastructure security and resilience based on risk and implementing a coordinated national approach to assess and manage sector-specific and cross-sector risk.
Related
