| Entities | Biden White House (21) |
| Topics and Issues | Cybersecurity (7) |
In March 2023, the White House announced a “National Cybersecurity Strategy to secure the full benefits of a safe and secure digital ecosystem for all Americans. In this decisive decade, the United States will reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and diverse society.” The 39-page plan is online.
One of the features of this strategy is the call for the private sector to share the need for cyber defenses. The announcement said that “[w]e must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us.” The strategy also called for a “realign[ment]” of “incentives to favor long-term investments by striking a careful balance between defending ourselves against urgent threats today and simultaneously strategically planning for and investing in a resilient future.”
The strategy is organized around five pillars: defending critical infrastructure; disrupting and dismantling threat actors; shaping market forces to drive security and resilience; investing in a resilient future; and forging international partnerships to pursue shared goals. It calls on agencies to identify “gaps in authorities to drive better cybersecurity practices in the cloud computing industry and for other essential third-party services, and work with industry, Congress and regulators to close them.”
Of particular interest to members are the first and third pillars. Pillar one, “defend critical infrastructure,” suggests possible rulemaking for critical sectors. Pillar three is the shaping of market forces to promote security and flexibility. Here, the National Cybersecurity Strategy’s fact sheet discusses the placement of
…responsibility on those within our digital ecosystem that are best positioned to reduce risk and shift the consequences of poor cybersecurity away from the most vulnerable in order to make our digital ecosystem more trustworthy, including by:
-
- Promoting privacy and the security of personal data;
- Shifting liability for software products and services to promote secure development practices; and,
- Ensuring that Federal grant programs promote investments in new infrastructure that are secure and resilient.
The plan for this third pillar calls for national data security standards that follow NIST guidance and calls for legislation to “impose robust, clear, limits on the ability to collect, use, transfer, and maintain personal data and provide strong protections for sensitive data like geolocation and health information.”