The White House has laid out plans and strategies for which President Biden’s administration would approach cybersecurity. In a statement published by the White House, President Biden captures the role which US software vendors and tech providers will play in the country’s fight against cyber threats.
The statement reads “Our collective cyber resilience cannot rely on the constant vigilance of our smallest organizations and individual citizens. Instead, across both the public and private sector, we must ask more of the most capable and best-position actors to make our digital ecosystem secure and resilient.”.
The statement also noted that the strategy will include national and federal cyber security bodies or initiatives, as well as an extensive range of private actors; “The federal government [will] also deepen operational and strategic collaboration with software, hardware and managed service providers with the capability to reshape the cyber landscape in favor of greater security and resilience.”
President Biden had previously signed an executive order in May 2021, to tighten America’s cyber defenses, while emphasizing more on public-private partnerships and information sharing. This was described as “the first of many ambitious steps” by the administration at that time, to modernize the US’ cyber defenses.
He later signed a new cyber security incident reporting mandate into law in March 2023, which made it a legal requirement for operators of critical national infrastructure to report cyber attacks to the United States government.
In a bid to make the U.S cyberspace “more inherently defensible and resilient”, the strategy also balances the responsibility of defending cyberspace by realigning the incentives to favor long-term investment.
It says “We must ensure that market forces and public programs alike reward security and resilience, build a robust and diverse cyber workforce, embrace security and resilience by design, strategically coordinate research and development investments in cyber security, and promote the collaborative stewardship of our digital ecosystem,”.
In a bid to achieve these fundamental shifts in the U.S cyber security approach, the strategy also outlines five pillars which are
1. Defending critical infrastructure
2. Disrupting and dismantle threat actors
3. Shaping market forces to drive security and resilience
4. Investing in a resilient future
5. Forging international partnerships to pursue shared goals.
Regarding the private sector’s role, the White House stated on the fact sheet that the five pillars would include public-private collaborations working at necessary speed and scale while engaging private sector threat actors’ disruption activities and diverting liability for security failures to software companies.
While adding that the White House will also work to expand the use of minimum cyber security requirements; modernize federal networks as well as incident response policies, which would promote privacy and security of personal data, strategically employing all tools of national power to disrupt adversaries.
This strategy would be implemented by the National Security Council (NSC) in collaboration with the Office of Management and Budget (OMB) and the Office of Nationa Cyber Director (ONCD), which are also tasked with making annual reports to the president and the congress on the strategy’s efficacy.
