What Businesses Need to Know About the National Cybersecurity Strategy

Cybersecurity has always been a matter of grave concern for companies and businesses that deal with huge quantities of data on a daily basis. Because of stringent data privacy laws, a privacy breach or data leak can cost these companies and businesses heavily. With this in mind, and to enhance existing cybersecurity measures, the National Cybersecurity Strategy was held in the United States this month. The aim of this strategy was “to secure the full benefits of a safe and secure digital ecosystem for all Americans.” The strategy has been in the news ever since. Wondering why? We will tell you. In yet another blog by Cybertech, we explain in detail what was discussed in this strategy and what businesses should know about it. So, without further ado, let’s get started.


What do the Minutes of the Meeting read?


The National Cybersecurity Strategy released a document that encompasses the minutes of the meeting. It reads like a summary of the discussions that took place.


Taking into account that technology is a critical infrastructure, the National Cybersecurity Strategy has to protect it. All the industries operating in the suburbs of the USA need to meet the set cybersecurity requirements. In addition to that, it stated that private enterprises are a critical dependency for national security. A list of five pillars was introduced and discussed in detail. 



The Pillars of Cybersecurity as per the National Cybersecurity Strategy


The following five pillars were discussed in great detail in the National Cybersecurity Strategy:


  1. PILLAR: Defend Critical Infrastructure

From now onwards, the federal government will have a stronghold over the affairs of technology and its protection. This pillar was further substantiated with five strategic objectives. These are:


1.1 Establish Cybersecurity Requirements To Support National Security And Public Safety

1.2 Scale Public-Private Collaboration

1.3 Integrate Federal Cybersecurity Centers

1.4 Update Federal Incident Plans And Processes

1.5 Modernize Federal Defenses


Sectors such as oil, natural gas, aviation, and rail already have established cybersecurity requirements, and these will now expand to all critical infrastructure providers. The administration is introducing more robust collaboration between the Certified Information Systems Auditor (CISA), Sector Risk Management Agencies (SRMAs), and private sector organizations to improve partnership at scale. The administration will fuse cyber defense planning and operations across the government with the private sector and international partners. It’s no surprise that Zero Trust (ZT) continues to be one of the basic cybersecurity tips.


  2. PILLAR: Disrupt And Dismantle Threat Actors

It is pretty obvious that no government can tackle cyberattacks completely. So, this pillar’s goal is to level the playing field by making attacks more costly for the attackers, improving collaboration between the private sector and the public sector, and expanding breach notification requirements. Five simple ways to improve cybersecurity have been encompassed as strategic objectives under this pillar:


2.1 Integrate Federal Disruption Activities

2.2 Enhance Public-Private Operational Collaboration To Disrupt Adversaries

2.3 Increase The Speed And Scale Of Intelligence Sharing And Victim Notification

2.4 Prevent Abuse of US-Based Infrastructure

2.5 Counter Cybercrime, Defeat Ransomware


The administration’s goal is to make cyberattacks so costly that they are neither profitable nor a viable means of achieving nation-state ends via disruption campaigns. Some security tools take this approach currently, such as bot management tools that raise the costs of bot attacks. This will likely be a broader effort of combined technology disruption, however, plus ZT implementation to harden infrastructure.

Breach notification is much more than a regulatory requirement. How organizations respond and communicate to stakeholders about data breaches and other disruptive events such as ransomware sets the tone for recovery. Infrastructure-as-a-service (IaaS) providers will be held to a higher standard in terms of the speed at which they must respond to and alert on cyberattacks. IaaS providers are effectively considered critical infrastructure now.

Moreover, the administration is taking a four-pronged approach to cybercrime and ransomware defense: international cooperation, law enforcement investigations of ransomware actors, critical infrastructure resiliency, and addressing abuse of virtual currency.


  3. PILLAR: Shape Market Forces To Drive Security And Resilience

An issue as grave as cybersecurity calls for accountability and incentives: financial sticks and carrots to build security and resilience. This is what the Biden administration is trying to incorporate into the US technology ecosystem. This pillar is further expounded by the following strategic objectives:


3.1 Hold The Stewards Of Our Data Accountable

3.2 Drive The Development Of Secure IoT Devices

3.3 Shift Liability For Insecure Software Products And Services

3.4 Use Federal Grants And Other Incentives To Build In Security

3.5 Leverage Federal Procurement To Improve Accountability

3.6 Explore A Federal Cyber Insurance Backstop


Organizations that collect, use, transfer, and maintain personal data have a responsibility for securing that data and protecting individuals’ privacy rights. The companies that handle and transfer data are the ones responsible for protecting it. This is more than a regulatory obligation. It is a foundation for building trust and competitive differentiation in a digital world.

Internet-of-things (IoT) devices are used in organizations of all sizes, locations, and industries to perform a variety of tasks. Because of a history of poor cybersecurity practices in development and deployment, IoT devices have become a prime target of attacks. Companies are in for a rude awakening, as the strategy makes them liable for security flaws in their products and services. With the government offering financial support to build security, now is the right time to gauge the maturity of your product security program and develop a roadmap for improving product security at every stage of the product lifecycle. For new products and prototypes, follow the principles of minimum viable security to make sure that security is right-sized even at the earliest stages.

Cyber insurance is one component of a multilayered cybersecurity and risk management strategy. Organizations must address the current reality of cyber insurance market dynamics and increasingly stringent requirements for obtaining cyber insurance policies.



  4. PILLAR: Invest In A Resilient Future

Every strategy requires looking ahead into the future and planning for disruption. This strategy is no exception. The following strategic objectives fall under this pillar:


4.1 Secure The Technical Foundation Of The Internet

4.2 Reinvigorate Federal Research And Development For Cybersecurity

4.3 Prepare For Our Post-Quantum Future

4.4 Secure Our Clean Energy Future

4.5 Support the Development Of A Digital Identity Ecosystem

4.6 Develop A National Strategy To Strengthen Our Cyber Workforce


The US government’s focus on vulnerable infrastructure is not a new idea; it is frequently overlooked, however, when planning innovative technology adoption strategies. The US government’s proactive alignment with industry leaders, academia, and allied nations will foster global standards of interoperability, thereby increasing adoption rates while working toward global security standards.

Much cybersecurity innovation has been driven by the investment community, focusing on solutions to individual cyber problems. This pillar is forward-looking and aims to drive investment in the security of “computing-related technologies, including microelectronics, quantum information systems, and artificial intelligence; biotechnologies and biomanufacturing; and clean energy technologies.” We expect this strategy to initiate even more cybersecurity innovation than we already have in the US, focused on these strategic areas, as the federal government encourages technology builders to improve cybersecurity.

In recent months, the US government has pushed its agencies to plan for the transition to post-quantum cryptography. Now, it is also pushing the private sector to invest in that same migration. This will require major efforts in data discovery and encryption discovery, as well as data protection re-architecture for cryptographic agility. Organizations should prepare for the risks to traditional cryptography and the move to post-quantum.


  5. PILLAR: Forge International Partnerships To Pursue Shared Goals

Pillar Five breaks down the international relationships and norms that the US government has in place and hopes to establish for a broader impact on its cybersecurity initiatives. 


5.1 Build Coalitions To Counter Threats To Our Digital Ecosystem

5.2 Strengthen International Partner Capacity

5.3 Expand US Ability To Assist Allies And Partners

5.4 Build Coalitions To Reinforce Global Norms Of Responsible State Behavior

5.5 Secure Global Supply Chains For Information, Communications, And Operational Technology Products And Services


With existing partnerships in the United Nations, the Quadrilateral Security Dialogue, and others, the administration is establishing a set of shared goals for cyberspace. This will hopefully improve the collaboration and shared threat intelligence between nations, increasing visibility into threat actor activity. The federal government and the Department of State are enhancing military-to-military partnerships with other allied nations. The US recognizes the toll that recent cyberattacks against countries have taken and intends to enhance this partnership with groups such as NATO to build an incident support capability with allies.

Cybersecurity norms have yet to be established and upheld by all nations as basic cybersecurity tips. The UN has some established norms for peacetime, but many nations fail to comply, and as of yet, there are no consequences for it. This establishes an intent to not only expand those norms to more nations but also to enforce them.


So, this is all that businesses need to know about the National Cybersecurity Strategy.
