The Biden administration is issuing marching orders to government agencies to make cyber policy goals a reality.
The White House on Thursday released an implementation plan for the National Cybersecurity Strategy. The plan outlines 65 high-impact initiatives that agencies must meet to stay ahead of emerging threats and sets timelines for achieving those goals.
Under the plan, 18 agencies will be responsible for leading at least one initiative, but many of its goals will require interagency coordination.
…
The Biden administration is issuing marching orders to government agencies to make cyber policy goals a reality.
The White House on Thursday released an implementation plan for the National Cybersecurity Strategy. The plan outlines 65 high-impact initiatives that agencies must meet to stay ahead of emerging threats and sets timelines for achieving those goals.
Under the plan, 18 agencies will be responsible for leading at least one initiative, but many of its goals will require interagency coordination.
Acting National Cyber Director Kemba Walden said Thursday that the implementation plan is a “living document” and will be updated annually to reflect the federal government’s evolving response to emerging threats.
Walden said the agency has already put many implementation plans into action, with “version 2.0” expected to be released next spring.
“Strategy is only useful if it leads to consistent actions,” Walden said at an Information Technology Industry Council event marking the announcement of the action plan.
Among its goals, the Implementation Plan directs the Office of Management and Budget to accelerate the IT modernization of federal civilian agencies by prioritizing “the elimination of legacy systems that are costly to maintain and difficult to defend.”
The White House also called on the Cybersecurity and Infrastructure Security Agency to foster public-private partnerships in an effort to ensure common technology tools are secure by design. CISA also establishes cyber incident and ransomware payment reporting requirements for critical infrastructure entities.
The administration is asking the Department of Defense to update its own National Cybersecurity Strategy to reflect the challenges posed by nation-states and other malicious actors that “pose a strategic-level threat” to the United States.
The Implementation Plan also suggests future workforce and education strategies that identify ways to maintain a stable pipeline of cyber professionals entering government and industry.
Nick Reiserson, Assistant National Cyber Director for Cyber Policy and Programs, said the Office of the National Cyber Director (ONCD) will release its next workforce strategy in the coming weeks.
“One of the biggest themes that emerged as we worked on development was the idea that if you want to have digital skills, you have to go upstream and be early in the digital skills development pipeline. We have the cybersecurity experts we need to be on the front lines of protecting our networks,” Riiserson told the Federal News Network on the sidelines of the ITI event.
Riserson said the White House recognizes the need for cybersecurity experts to assist infrastructure projects funded by the bipartisan Infrastructure Act, as well as energy and environmental projects under the Control Inflation Act. .
“As technology becomes more integrated into our lives than ever before, we realize that every American needs a set of digital skills to navigate the world,” he told the Federal News Network. We have to recognize what it means,” he said.
The implementation plan directs the National Cyber Directorate’s Office to work with OMB to harmonize baseline cybersecurity requirements for critical infrastructure.
Walden said ONCD is working on a request for information to give industry partners an opportunity to give feedback to the federal government on the state of cyber regulation. Once the RFI is out, ONCD will turn industry feedback into “actionable steps,” she said.
“Basically, what we’re looking for in our RFI and harmonization efforts is to better understand what a good reciprocity framework looks like,” Raiserson said. “A system that allows entities, corporations, and owners of critical infrastructure to demonstrate that it meets the typical enterprise IT baseline cybersecurity requirements present in the banking industry and enterprises worldwide. How do we set up the telecom sector, does it exist in our grid? and say, ‘Okay, we have proven that we meet the necessary requirements, so another regulation You don’t have to prove it to the authorities in any other way.”
Riserson added that the Biden administration aims to continue to adapt the cyber regulatory framework to the evolving standards of cybersecurity, saying, “What was state-of-the-art cybersecurity 20 years ago is absolutely not today. It’s not,” he added.
“What we want is to be able to incorporate changing requirements into the reciprocity framework. Yes, we’ve met the requirements,” he said. “Because we are operating this particular kind of technology within the grid and not in the banking sector, there may be some sector-specific things on top. expected.”
The implementation plan calls on government agencies to stay abreast of emerging cybertrends, such as advances in quantum computing that could thwart current encryption standards. Riserson said government agencies must also prepare for cyber threats from artificial intelligence.
“There are several societal challenges and opportunities that artificial intelligence presents,” he says. “From a cybersecurity perspective, what we would like to see is that strategic principles (such as secure design) are embedded in these AI software models. Because it’s software.”
He added, “New technologies will come. New threats will come. Something will change in our situation that needs to be addressed specifically with initiatives based on strategic principles.” But we didn’t think much about how the principles of the strategy apply to this particular case.We wrote an implementation plan.”
Many government agencies are already doing what the Implementation Guide calls for across government.
CISA announced Wednesday that a China-related cyber campaign targeted unclassified Microsoft cloud-based email accounts of federal agencies and other organizations.
The State and Commerce Departments were affected by the incident, but CISA said one of the affected agencies detected the breach through “enhanced logging.”
“Fundamentally, one of the things that I find encouraging on the federal cybersecurity side is that this issue was discovered by a US government agency and they immediately worked with the vendor (Microsoft in this case) to remediate the issue. And I think this is good news, as far as we’ve seen significant progress in our internal ability to discover what’s affecting each agency’s network and potentially affecting other networks. “Well,” Riserson said.
Copyright © 2023 Federal News Network. all rights reserved. This his website is not intended for users within the European Economic Area.
Summarize this content to 100 words
The Biden administration is issuing marching orders to government agencies to make cyber policy goals a reality. The White House on Thursday released an implementation plan for the National Cybersecurity Strategy. The plan outlines 65 high-impact initiatives that agencies must meet to stay ahead of emerging threats and sets timelines for achieving those goals. Under the plan, 18 agencies will be responsible for leading at least one initiative, but many of its goals will require interagency coordination….read moreThe Biden administration is issuing marching orders to government agencies to make cyber policy goals a reality.
The White House on Thursday released an implementation plan for the National Cybersecurity Strategy. The plan outlines 65 high-impact initiatives that agencies must meet to stay ahead of emerging threats and sets timelines for achieving those goals.
Under the plan, 18 agencies will be responsible for leading at least one initiative, but many of its goals will require interagency coordination.
Acting National Cyber Director Kemba Walden said Thursday that the implementation plan is a “living document” and will be updated annually to reflect the federal government’s evolving response to emerging threats.
Walden said the agency has already put many implementation plans into action, with “version 2.0” expected to be released next spring.
“Strategy is only useful if it leads to consistent actions,” Walden said at an Information Technology Industry Council event marking the announcement of the action plan.
Among its goals, the Implementation Plan directs the Office of Management and Budget to accelerate the IT modernization of federal civilian agencies by prioritizing “the elimination of legacy systems that are costly to maintain and difficult to defend.”
The White House also called on the Cybersecurity and Infrastructure Security Agency to foster public-private partnerships in an effort to ensure common technology tools are secure by design. CISA also establishes cyber incident and ransomware payment reporting requirements for critical infrastructure entities.
The administration is asking the Department of Defense to update its own National Cybersecurity Strategy to reflect the challenges posed by nation-states and other malicious actors that “pose a strategic-level threat” to the United States.
The Implementation Plan also suggests future workforce and education strategies that identify ways to maintain a stable pipeline of cyber professionals entering government and industry.Nick Reiserson, Assistant National Cyber Director for Cyber Policy and Programs, said the Office of the National Cyber Director (ONCD) will release its next workforce strategy in the coming weeks.
“One of the biggest themes that emerged as we worked on development was the idea that if you want to have digital skills, you have to go upstream and be early in the digital skills development pipeline. We have the cybersecurity experts we need to be on the front lines of protecting our networks,” Riiserson told the Federal News Network on the sidelines of the ITI event.
Riserson said the White House recognizes the need for cybersecurity experts to assist infrastructure projects funded by the bipartisan Infrastructure Act, as well as energy and environmental projects under the Control Inflation Act. .
“As technology becomes more integrated into our lives than ever before, we realize that every American needs a set of digital skills to navigate the world,” he told the Federal News Network. We have to recognize what it means,” he said.
The implementation plan directs the National Cyber Directorate’s Office to work with OMB to harmonize baseline cybersecurity requirements for critical infrastructure.
Walden said ONCD is working on a request for information to give industry partners an opportunity to give feedback to the federal government on the state of cyber regulation. Once the RFI is out, ONCD will turn industry feedback into “actionable steps,” she said.
“Basically, what we’re looking for in our RFI and harmonization efforts is to better understand what a good reciprocity framework looks like,” Raiserson said. “A system that allows entities, corporations, and owners of critical infrastructure to demonstrate that it meets the typical enterprise IT baseline cybersecurity requirements present in the banking industry and enterprises worldwide. How do we set up the telecom sector, does it exist in our grid? and say, ‘Okay, we have proven that we meet the necessary requirements, so another regulation You don’t have to prove it to the authorities in any other way.”
Riserson added that the Biden administration aims to continue to adapt the cyber regulatory framework to the evolving standards of cybersecurity, saying, “What was state-of-the-art cybersecurity 20 years ago is absolutely not today. It’s not,” he added.
“What we want is to be able to incorporate changing requirements into the reciprocity framework. Yes, we’ve met the requirements,” he said. “Because we are operating this particular kind of technology within the grid and not in the banking sector, there may be some sector-specific things on top. expected.”
The implementation plan calls on government agencies to stay abreast of emerging cybertrends, such as advances in quantum computing that could thwart current encryption standards. Riserson said government agencies must also prepare for cyber threats from artificial intelligence.
“There are several societal challenges and opportunities that artificial intelligence presents,” he says. “From a cybersecurity perspective, what we would like to see is that strategic principles (such as secure design) are embedded in these AI software models. Because it’s software.”
He added, “New technologies will come. New threats will come. Something will change in our situation that needs to be addressed specifically with initiatives based on strategic principles.” But we didn’t think much about how the principles of the strategy apply to this particular case.We wrote an implementation plan.”
Many government agencies are already doing what the Implementation Guide calls for across government.
CISA announced Wednesday that a China-related cyber campaign targeted unclassified Microsoft cloud-based email accounts of federal agencies and other organizations.
The State and Commerce Departments were affected by the incident, but CISA said one of the affected agencies detected the breach through “enhanced logging.”
“Fundamentally, one of the things that I find encouraging on the federal cybersecurity side is that this issue was discovered by a US government agency and they immediately worked with the vendor (Microsoft in this case) to remediate the issue. And I think this is good news, as far as we’ve seen significant progress in our internal ability to discover what’s affecting each agency’s network and potentially affecting other networks. “Well,” Riserson said.
Copyright © 2023 Federal News Network. all rights reserved. This his website is not intended for users within the European Economic Area.
https://federalnewsnetwork.com/cybersecurity/2023/07/white-house-puts-national-cyber-strategy-into-practice-with-implementation-plan/ White House puts national cyber strategy into action plan