security

To execute the national cyber strategy, it's going to take the whole … – Cybersecurity Dive


Editor’s note: Cybersecurity Dive broke the 69 initiatives out of the Office of the National Cyber Director’s implentation plan into a table, which you can find and explore at the bottom of the article.

Crafting a strategy to improve the nation’s cybersecurity required a significant yearslong effort from cyber authorities. Now, the hard work of bringing those goals to fruition hinges on the White House’s ability to delegate cyber initiatives to a broad set of government offices and agencies.

The implementation plan for the national cybersecurity strategy divides the strategy’s 27 objectives into 69 initiatives. One agency is assigned to take point on each initiative, and many are, at times, assigned to work with a cast of contributing government entities.

The Office of the National Cyber Director and the Cybersecurity and Infrastructure Security Agency are the most prevalent lead agencies, responsible for 14 and 10 initiatives each, respectively.

“For these 69 [initiatives] to really make a difference, the ONCD, Office of Management and Budget and the lead agencies will need to create alignment with private industry and establish better collaboration across federal agencies, which takes time, effort and consistency of purpose,” Katell Thielemann, VP analyst at Gartner, said via email.

While cyber experts and analysts applaud the desired outcomes of the strategy, the specific tasks and responsibilities now assigned to agencies underscore the challenges that lie ahead.

“The biggest challenge is the amount of coordination required between government agencies, internationally, and the private sector,” Allie Mellen, senior analyst at Forrester, said via email. “Every piece of this implementation plan requires active collaboration, which takes time to do thoughtfully.”

Covering the spread

The spread of responsibilities accentuates how the government expects most of the work to occur within agencies best suited to achieve specific goals —  even those agencies that haven’t traditionally been at the forefront of cybersecurity policy.

Readers Also Like:  Google Executive Turnover and Role Changes Come as the ... - Slashdot

While OMB is responsible for overseeing the performance of federal agencies and administering the federal budget, the ONCD is tasking it to also take the lead on 6 cyber-related initiatives, including modernizing federal civilian executive branch technology and leading the adoption of network security best practices.

Allan Liska, threat intelligence analyst and solutions architect at Recorded Future, said he was particularly pleased to see the State Department take the lead on multiple initiatives (eight, to be exact). The Department of State plays a critical role in achieving cooperation with other countries, he said.

Requiring greater investment and improvements in critical infrastructure security is core to the Biden administration’s efforts, but so too is the need to disrupt criminal activity in the U.S. and abroad.

The State Department is taking the lead on efforts to strengthen international partners’ cyber capacity and promote the development of secure IT and communications networks and services.

“You can’t just keep piling money into defense if the attacks are going to continue to grow and get more sophisticated,” Liska said.

“If the U.S. became super secure it wouldn’t matter at all if the rest of the world was constantly under attack,” Liska said. “Our data is everywhere, our partnerships, our connectivity is everywhere, and so a cyberattack in other countries does impact us.”

Ambitious timelines

There’s also the matter of timing – the government is slating more than two-thirds of the initiatives — 47 of the 69 — for completion by the end of fiscal year 2024, 14 months from now. All but two are designated to be done by the end of fiscal year 2025.

The initiatives are not equal in effort. One initiative calls for the government to study regional cyber hubs and others are aimed at disrupting ransomware crimes and the broader ransomware ecosystem.

Readers Also Like:  US cyberdefense agencies NSA and CISA disclose top 10 security ... - TechSpot

The aggressive timeframes suggest developing assessments and plans will be viewed as success, Thielemann said. “Whether that will move the needle with regard to reducing cyber risk and enhancing the nation’s resilience to cyberattacks is debatable.”

The deadlines are largely viewed as aspirational, and as such, ambitious, considering the undertaking and crisis at hand.



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.