What You Need to Know About Biden’s Long-Awaited Cybersecurity Strategy
The Biden Administration’s long-awaited National Cybersecurity Strategy was released, outlining the strategy, goals, and implementation plan to drive a robust, collaborative approach to securing our global digital landscape. To mitigate the ever-mounting risk in both the public and private sectors, the White House places cybersecurity as a central tenet of the functioning of our economy and the strength of our democracy.
The digital world has become increasingly complex and central to our global society. And while the ubiquity of the internet transformed the world in endless positive ways, it has also opened the floodgates for global criminal activity with wide-reaching consequences.
As Biden states in the opening of the document, “As I often said, our world is at an inflection point. This includes our digital world. The steps we take and the choices we make will determine the direction of our world for decades to come. People and technology are increasingly linked, further enabling the very best and the very worst of humanity”.
Cybersecurity Is an Essential Anchor to the Future of Our Economy
While the released strategy goes into great detail over its 39 pages, the overarching message is clear – “Cybersecurity is essential to the basic functioning of our economy, the operation of our critical infrastructure, the strength of our democracy, the privacy of our data, and our national defense”. The sophistication of today’s threat actors continues to rapidly accelerate, posing a significant threat to both our personal and national security. This is further compounded by the complexity of the global stage and perpetuated by autocratic states aggressively using advanced cyber capabilities to take down critical infrastructure and systems, in both the public and private sector.
The urgency to address these issues has become acute, and the Biden Administration is calling on both the public and private sectors to prioritize cybersecurity initiatives and accelerate adoption of best practices.
As the leading internet intelligence data provider for both the public and private sector, we at Censys see firsthand, through our customers and our own threat hunting, that the cybersecurity landscape is rapidly evolving and that bad actors are adjusting their tactics at alarming rates. Unfortunately, most organizations do not have visibility into critical vulnerabilities.
As Biden states, “we must realign incentives to favor long term investments in cybersecurity. We must defend the system we have now, while investing and building toward a future digital system that is much more resilient”. In other words, the time to invest in cybersecurity initiatives is now.
The Biden Administration lays out its strategy in five strategic pillars, which we cover below.
Pillar 1: Defend Critical Infrastructure
Critical infrastructure comprises the assets, systems, and networks (both physical and virtual) that are essential to a functioning economy and national security. Because these vital networks span both the public and private sector, we must collaborate to ensure they are secure and protected from bad actors.
The document states, “defending critical infrastructure against adversarial activity and other threats requires a model of cyber defense that emulates the distributed structure of the internet. Combining organizational collaboration and technology-enabled connectivity will create a trust-based ‘network of networks’ that builds situational awareness and drives collective action”.
In order to drive the collaboration needed to protect and defend these networks, organizations must leverage technology solutions to coordinate efforts, increase visibility into vulnerabilities, and accelerate incident response.
Pillar 2: Disrupt and Dismantle Threat Actors
Malicious actors, many operating outside of the United States, are a massive threat to national security. By exploiting vulnerabilities, these attacks have caused billions of dollars in damage, disrupted our critical infrastructure, and attacked both businesses and individuals alike.
It has been proven that collaboration across Federal and non-Federal organizations has been effective at thwarting and punishing cybercriminals and state-sponsored actors. Now, we need to double down on this strategy across the public and private sectors to share intelligence. It is paramount that the public sector benefits from the innovation, scale, and capabilities the private sector has built.
And because technology is the connective tissue, the Biden Administration makes it clear that “all [technology] service providers must make reasonable attempts to secure the use of their infrastructure against abuse or criminal behavior”. Cybersecurity measures cannot be an afterthought; they must be a priority, and these organizations must be accountable.
Pillar 3: Shape Market Forces to Drive Security and Resilience
“To build the secure and resilient future we want, we must shape market forces to place responsibility on those within our digital ecosystem that are best positioned to reduce risk”. Every entity – public and private – must prioritize cybersecurity initiatives to secure our collective digital economy.
Even with the incidence of cyber threats accelerating on a daily basis, these realities have clearly not been enough to drive organizations to implement the technology and processes needed to ensure safety, and the repercussions of this inaction are clear.
As organizations race to innovate and accelerate growth, they rely on software providers for scale and efficiencies. Unfortunately, many software vendors are not investing in cybersecurity best practices, thus leaving their customers vulnerable to attack. The document states, “poor software security greatly increases systemic risk across the digital ecosystem and leaves American citizens bearing the ultimate cost”.
To decrease this risk, the Biden Administration believes that the liability must be placed on those that fail to take the right precautions in securing their software. Moving forward, there will be no tolerance for commercial organizations that don’t prioritize cybersecurity.
The Administration is planning on working internally and with the private sector to develop legislation that enforces this liability.
Pillar 4: Invest in a Resilient Future
The Biden Administration believes that the future of our digital world depends on making the right investments today. Focusing only on short-term investments, and not prioritizing what we need as a collective nation, sets us up for future failure. By laser focusing on cybersecurity initiatives, “the United States will maintain its leading role as the world’s foremost innovator in secure and resilient technologies and infrastructure”.
This means we must address the cybersecurity gap that exists today, through technology and bolstering the workforce with the skills necessary to build our cybersecurity proficiencies as a nation. Both private and public sector organizations have massive challenges filling these critical security roles, and the government is doubling down on strategies to fill those gaps.
To address this issue, the Administration will implement a National Security Workforce and Education Strategy to increase skills training for critical roles.
Pillar 5: Forge International Partnerships that Pursue Shared Goals
Due to the increase in state-sponsored actors, cybersecurity initiatives must be global. The United States will closely collaborate with national security stakeholders and allies to advance common security interests.
As the document points out, “most malicious cyber activity targeting the United States is carried out by actors in foreign countries or using foreign computing infrastructure, we must strengthen the mechanisms we have to collaborate with our allies and partners so no adversary can evade the rule of law”.
Through the implementation of technology, exchanging security best practices, and coordinating policy and incident responses, we can bolster cybersecurity capabilities worldwide.
So, What’s Next?
The Biden Administration realizes that proper implementation is the key to achieving the objectives outlined in this document. In collaboration with NSC, OMB, and ONCD, the Biden Administration will develop policies and plans for implementation across both the public and private sector.
While we don’t yet know the exact policies and implementation requirements, it is clear that we are undergoing a sea change. The security of our digital world must be a shared responsibility across all sectors.
Understand Everything on the Internet
The key to an effective cybersecurity strategy is access to data that arms organizations with the critical information they need to identify, prioritize, and remediate advanced threats and exposures. This means visibility into known and unknown assets, vulnerable services, and critical exposures.
Censys partners with both the public and private sector to empower security teams with the most comprehensive, accurate, and up-to-date map of the internet to defend attack surfaces and take down threats in real-time.