"We need to make fundamental changes in the fundamental dynamics of digital ecosystems," the document says.
The strategy will include new rules and incentives to encourage technology companies to create safe products; Enact laws to limit data collection and use and establish cyber security forces.
It would also exclude competing countries from the US technology supply chain; Contribute to efforts towards digital identity and a safer Internet; and promote increased international cooperation in maintaining standards of good behavior on the Internet, including the prosecution and prosecution of cyber attackers.
According to the strategy, such efforts will require international cooperation and close cooperation with the private sector.
Ann Neuberger, vice president for cybersecurity and emerging technologies and assistant national security adviser at the Policy Center, said strong cybersecurity is critical to ensuring the availability of essential services that citizens rely on, from clean water to electricity. and International Studies (CSIS) event yesterday.
SHIFTING OF CYBER LIABILITIES
The Colonial Pipeline hack, which caused panic in several states, involved attackers obtaining employee passwords. Kemba Walden, the national director of cyber security, said at the event that one person's mistake should not turn into a crisis of this magnitude . Even small organizations, such as individual school districts, must contend with sophisticated cybercriminal syndicates.
"We expect that school districts will be fighting transnational criminal organizations largely on their own," Walden said. "This is not only unfair, but also ineffective."
Today's software security environment often assumes that end users, such as state and local governments, will be responsible for preventing phishing attempts and preventing cyber incidents.
Instead, most of the cybersecurity burden should be borne by the organizations with the most resources and influence: the federal government, the technology companies that build and maintain IT systems, and the owners and operators of strategically critical systems and data. .
These delays may lead to various actions, including new regulations; Laws that hold software companies liable for negligent security breaches while protecting the liability of responsible companies; Cybersecurity obligations and civil claims against laws restricting the collection, use, transfer and retention of data.
Market forces continue to reward companies that bring products to market quickly, rather than companies that wait until it's safe to bring a product to market.
In this environment, it is not enough to ask companies to improve voluntarily, they need to be managed according to strategy.
The White House has pledged to ease the industry's upcoming regulatory compliance burden. Walden said The goal is to create cybersecurity regulations that are loose, "hard" rules that are uniform across the industry and require all organizations to meet the same level of security. Ideally, companies don't have to spend a lot of time and money to comply with various regulations and can invest those resources in cybersecurity.
"What we aim to achieve is a competitive advantage for those who build security by design," Walden said. "Currently, we are not living in a 'safe for market' context, but in a 'first to market' context.
Neuberger said the White House is working to review and implement cybersecurity regulations for each critical infrastructure sector under its jurisdiction. He can ask Congress to give him new powers in other areas, such as education and critical manufacturing.
The White House will also encourage state governments and independent regulators to comply with cybersecurity requirements if they can do so in a "deliberate and coordinated manner," according to the strategy.
And regulators will look for ways to help companies with limited resources meet new cybersecurity expectations by taking tax breaks into account.
DISABILITY AND ASSAULT
The US intends to use a variety of tools to put constant pressure on cybercriminals to make attacks more expensive and harder for attackers.
All this means preventing illegal payments in cryptocurrency and taking down malicious botnets, alerting potential victims, detaining attackers and denying them entry.
"We're on the road, tearing down the infrastructure and taking money off the table, let's do it," Walden said.
This work requires public-private partnerships and international cooperation.
Internationally, the US plans to work with partners to condemn countries that violate cyber rules and cooperate with law enforcement. The United States will develop policies and mechanisms to decide when to provide assistance to allies and partner countries affected by major cyberattacks.
INTERNET SECURITY AND MANAGEMENT
The Internet's core infrastructure is vulnerable to vulnerabilities, and the federal government is particularly interested in advancing Internet security measures by implementing security improvements to its network, collaborating on new solutions, and conducting research.
"Many of the technical foundations of digital ecosystems are inherently vulnerable," the strategy states. "Every time we build something new on top of that foundation, we add new vulnerabilities and increase our overall exposure to risk."
The White House also wants to play an active role in developing international standards for the Internet to uphold US values. This inaction means that authoritarian states can achieve their goals, which the strategy says could lead to an internet that better enables "state control, censorship and surveillance."
Another goal of the digital ecosystem is to invest in secure digital identity solutions to reduce the risk of fraudsters misusing digital government services or identity theft. The White House has focused on solutions that advance goals such as interoperability, privacy and accessibility, and has announced government efforts to test mobile ID cards.
In the future, the federal government also intends to invest in researching the potential risks of new technologies and plans to reduce them. The main focus will be biotechnology and biomanufacturing; clean energy; and computing technologies such as quantum information systems, microelectronics, and artificial intelligence.
MEN AND NEXT STEPS
Cyber workforce shortages remain a significant challenge, and Walden's Office of the National Cyber Chief Executive (ONCD) will lead the development and implementation of a separate national cyber workforce and education strategy. This plan will look at ways to expand learning opportunities and increase the size and diversity of the cybersecurity workforce.
With a recently released cyber strategy, the White House is scrambling to implement it.
The strategy calls for achieving its goals by the end of the decade and Many initiatives to change the big picture, such as creating and aligning regulations and reshaping cybersecurity responsibilities, are multi-year efforts, Walden says .
The strategy is implemented.
"A strategy is only as good as its execution," says Walden. "ONCD...was created with the goal of implementing such a robust and forward-thinking strategy."
