Unpacking the U.S. National 2018 Cyber Strategy
It finally happened. On Sept. 20, the White House announced the long-anticipated, arguably overdue release of the National Cyber Strategy of the United States of America. Described by officials as the “first fully articulated cyber strategy in 15 years,” the plan outlines the federal government’s proposal to protect the country against cyber threats and attacks. Essentially, it vows to secure America’s cyberspace.
Great. Awesome. So what exactly does that mean?
The strategy provides a broad four-pillar framework for cybersecurity that takes an aggressive approach to protect the nation from cyberthreats, and lays out a set of broad actions that will allow the United States to advance technological innovation and societal prosperity in the face of these mounting cyber risks.
Specifically, the four pillars include:
- Defend the homeland by protecting networks, systems, functions, and data.
- Promote American prosperity by nurturing a secure, thriving digital economy and fostering strong domestic innovation.
- Preserve peace and security by strengthening the ability of the United States – in concert with allies and partners – to deter and, if necessary, punish those who use cyber tools for malicious purposes.
- Expand American influence abroad to extend the key tenets of an open, interoperable, reliable, and secure Internet.
The new strategy is actually an updated version of the National Strategy to Secure Cyberspace that came out in 2003. The new document builds on the original version, factoring in the current threat landscape.
One of the biggest, most notable updates is that the new strategy defines “cyber” as an element of U.S. national power, outlining a more aggressive stance against nations that intend cyber harm to the U.S. (Russia, Iran, North Korea and China are named as the top bad guys in cyberspace, and are called out for conducting “reckless cyberattacks” against the U.S. and its allies). This is the strongest declaration of its kind that the U.S. has ever made in this capacity.
Basically, we’re putting up our dukes. Vowing to play better offense. Guarding the goal. You get it.
Also of note is the acknowledgement of the important role that the internet plays in the U.S. economy. To be fair, the 2003 original also played this up, but the new and improved strategy dredges it up and highlights it once more, restating the idea of an open, reliable and secure internet that “would carry the universal aspirations for free expression and individual liberty around the world.”
In contrast to the original 2003 outline, the updated strategy is much more concise in terms of talking about cyberthreats and challenges, and more to the point when outlining the actions and steps to be taken.
“This broad albeit high-level strategy is conceptually a major step in the right direction,” says Setu Kulkarni, vice president of corporate strategy for WhiteHat Security. “From our experience, we know that operationalization of security is going to be a challenge, and we look forward to strong measures driven top down to put this strategy into practice.”
Kulkarni goes on to say that the strategy, hopefully, is a step in making trust and privacy for citizens a fundamental right. Today, the nation is crushed under what seems to be an insurmountable breach volume. With these requirements in place, and if implementation is successful, this strategy could alleviate the challenges of cybersecurity.
By securing federal networks and information and focusing on supply-chain risk management, it will become easier to secure the dependent commercial networks and information.
“The government’s focus on cyber skill development is the right one,” says Kulkarni. “Knowledge and research is power, and by focusing on cyber skill development, the nation will become the leading cyber force in the world — a position that is only commensurate with the leadership position that the United States holds globally.”
So what does the new strategy mean for the channel? For MSPs?
The new measures for strengthening federal-contractor cybersecurity could create a solid implementation plan for allowing innovative solutions to be brought to market and into the three-letter agencies faster with reduced bureaucratic processes.
To foster speed and agility, trusted federal contractors and managed security providers must be allowed to innovate in the security space on the federal and state government level as well as with defense agencies.
“Innovation in the channel and within managed-security services will go a long way in shortening the time to market for secure federal networks and information, ultimately leading to a much safer digital society, given that personal information is linked to federal systems like SSN, TIN [and so on],” states a hopeful Kulkarni.