A Review of the National Cybersecurity Strategy 2023
Caleb Mayo
Old Dominion University
CYSE 425W
11/3/2023
Introduction/Overview
The United States government has created this strategy to combat the emerging and prevalent threats to the nation’s cybersecurity as well as build a solid foundation for information security in critical sectors. This document is meant to address the problems in our nation’s Cybersecurity today as well as provide methods of solution that are to be implemented between all the important parties. In this paper, I will review this Strategy Documents, as well as provide my own personal commentary and perspective on some aspects that are well developed and some aspects that can be improved.
Pillar One: Defend Critical Infrastructure
The first pillar of the U.S National Cyber Strategy is to defend critical infrastructure in a way that supports all sectors. Some of the problems with the nation’s cybersecurity that are addressed include a gap in authorities for modern technology, little mandatory requirements in terms of cybersecurity policy for organizations, and a need to make security affordable for all organizations. To assist with the problem of little mandatory requirements for different sectors’ cybersecurity, the strategy outlined in this document calls for cybersecurity regulations designed specifically for each sector and has requirements and solutions for modern threats in Cyber but still maintains a competitive environment for these organizations. This pillar also wants to identify modern technologies that need some authority in cybersecurity, specifically the cloud industry because it is becoming increasingly more used by a large number of organizations, and current documentation for cybersecurity regulations do not have standards for everything concerning cloud. Not only does creating new policies for each sector help with disparities in authorities, it also allows for cybersecurity to be better budgeted by these organizations, making it more affordable.
Pillar Two: Disrupt and Dismantle Threat Actors
The second pillar in this cyber strategy document makes it clear that the overarching goal when dealing with possible threats and present threats is to create a cyber space where the idea of even attempting a security breach or hacking an infrastructure is no longer profitable for individual actors, and state-sponsored actors as well as hacktivists who would normally perform cyber attacks and exploits towards a mission or goal would see doing so as “ineffective”. To make this happen, the federal government wants to bring in more resources to disruption campaigns towards cyber threats and develop stronger collaboration between the public and private sectors in disrupting cyber threats. They also highlight non-profit organizations as the perfect platform for the public and private sector to work together in disruption campaigns.
Pillar Three: Shape Market Forces to drive Security and Resilience
This pillar was light in terms of subject matter and only focused primarily on keeping data accountable as well as the promotion of Internet of Things Technology development to maintain data security.
Pillar Four: Invest in a Resilient Future
Pillar four explains that the amount of resources invested in cyber security needs to increase nationally, and each dollar invested will be to make cyber security last in the future. To increase the amount of funds available for this, the federal government is to implement programs for new funding as well as promote present grant programs on a bigger scale. In addition a set of rules must be put in place between all sectors for keeping the internet available, secure, and transparent. To keep data safe in the future, there as a note to implement networks with quantum computing resistant encryption and cryptography. Another thing that this pillar wants to invest in is the cyber workforce of the future, creating new opportunities for cyber professionals to learn new skills while increasing diversity.
Pillar Five: International Partnerships to pursue Shared Goals
The purpose of this pillar is to create a strong and long-term collaboration with other nations to maintain the internet in a secure, reliable, and public perspective. With a focus on things that all nations use such as supplier chains as an example, and how to implement a communication system that supplier and distributor networks can use to maintain operations.
Pillar One Review
Defending Critical Infrastructure is arguably one of the more important pillars of this strategy, as the nation can’t function without critical infrastructure, and I think that this strategy recognizes that and does its best to find solutions to protecting critical infrastructure. However, the complicated part of a nationwide strategy is getting the nation to cooperate and work with the same urgency, effort, and efficiency all around the board. There are also laws and regulations that can put a holt on the improvement of cybersecurity in these areas. For example, in April of 2023 the Washington Post reported on the 8th Circuit Court of Appeals blocking a rule from the Environmental Protection Agency that called for the fortifying of the cyber security of public water systems (Kapko M., 2023). Even though making the cyber security of public water systems is a good thing, it takes time and resources that may not always work on schedule for everyone. Another possible issue that can come of implementing this strategy is cooperation and getting on the same timing. In September, the U.S Government Accountability Office noted that the FBI communicated a cyber threat to a non-profit organization five months after it was discovered (Office U.S.G.A, 2023). These inconsistencies in timing and creating a fast transition into a stronger cyber space for our critical systems makes it tremendously hard to get the work done. And in the mean time, threat actors are taking the opportunity to exploit these vulnerable systems before the United States can get it together. I think that the best way to mitigate this issue is to either enforce the cyber security needs of these systems, or provide some form of incentives for these organizations to work harder and work faster. Either way, if something doesn’t happen that can get each sector and each entity involved in the National Cyber Strategy on the same page, we are looking at another 50 years of threat actors gaining the advantage.
References
Kapko, M. (2023). To execute the National Cyber Strategy, it’s going to take the whole US Government. Retrieved from https://www.cybersecuritydive.com/news/national-cybersecurity-strategy-initiatives/688911/
Office, U. S. G. A. (2023). Retrieved from https://www.gao.gov/products/gao-23-105468
(N.d.). Retrieved from https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf