Social Implications of the 2023 U.S. National Cybersecurity Strategy
Lexi Bowman
CYSE 425W: Cyber Strategy and Policy
Professor Aslan
April 10, 2025
In 2023, the U.S. National Cybersecurity Strategy (NCS) brought about a paradigm shift in how the country deals with cybersecurity. It embraces a whole-of-society approach to enhance digital resilience, unlike previous approaches that depended on the government or private organizations. This strategy is not only effective in addressing the rising cyber threats but also the increasing dependence on technology by society. In this paper, we shall explore the social factors that led to the formation of the NCS, the social implications of the implementation of the NCS, and the cultural and subcultural factors that influenced the formation of the strategy and its execution.
One of the major causes of the NCS was the increasing incidence of large-scale cyberattacks on critical infrastructure. For instance, the Colonial Pipeline ransomware attack led to fuel shortages in the southeastern United States, disrupted essential services, and brought into the light the vulnerabilities of our digital systems (Carroll, 2024). These cases raised the public’s awareness and demonstrated the necessity of a coordinated approach to safeguard the economy and people’s lives.
Furthermore, the COVID-19 pandemic accelerated the move of more services to the online platform, including education, healthcare, and work, which exposed the readiness of various communities. Lower-income families and other underprivileged communities did not have the same level of exposure to cybersecurity education and resources, thus being more exposed to the risks (Butler, 2023). This led to the emergence of policies that are inclusive and responsive to the needs of the entire American population, not only the wealthy.
At the same time, cultural attitudes toward privacy and government power had to be carefully considered. In the United States of America, people cherish individual freedom and are always on the lookout for the government to overreach. Thus, the strategy had to harmonize between the national security objectives and the protection of civil liberties. The NCS seeks to achieve this balance by emphasizing on accountability and transparency in the execution of the framework (Sharpe, 2023).
However, the NCS has its weaknesses, and the implementation of the NCS has some social implications. Another significant aspect is the need for increased interrelation between the government and private sector entities. Although this public-private partnership is essential for enhancing national cybersecurity, it has implications for privacy and surveillance, especially for the most vulnerable groups of people who are already being policed or monitored more than necessary (GAO, 2023).
Another big change is the enforcement of more regulations to ensure that companies adhere to a certain set of cybersecurity standards. Nevertheless, this is an important step in the right direction and has also brought forth issues of government interference and possible conflict with civil liberties (Chen, 2023). One of the greatest challenges that the NCS has faced and is likely to encounter in the future is the challenge of striking a balance between security and liberty.
Subcultural groups, particularly in the tech world and civil liberties organizations, have also been rather influential in the development of the NCS. These groups have advocated for ethical issues, open-source approaches and representation in policy making. Their contribution has helped to make sure that the strategy does not only benefit large corporations or government but also the general people (Institute for Security and Technology [IST], 2023).
Therefore, the 2023 National Cybersecurity Strategy represents a more measured and holistic approach to cybersecurity in the U.S. It was informed by critical social factors like inequality and trust, and it remains to be informed by cultural norms and stakeholder involvement. It provides a much-needed framework for enhancing digital resilience, but it has to keep on improving to protect the rights and meet the needs of people, not just the powerful or the connected.
Work Cited
Butler, A. (2023, October 4). Strengthening privacy and data protection policy in the national cybersecurity strategy. Electronic Privacy Information Center. https://epic.org/strengthening-privacy-and-data-protection-policy-in-the-national-cybersecurity-strategy/
Carroll, J. (2024). The U.S. National Cybersecurity Strategy: A vehicle with an international journey. European Conference on Cyber Warfare and Security, 23(1). https://doi.org/10.34190/eccws.23.1.2300
Chen, K. X. A. (2023, May 26). Cyberspace and American power – The US cybersecurity strategy 2023. S. Rajaratnam School of International Studies. https://www.rsis.edu.sg/rsis-publication/idss/ip23042-cyberspace-and-american-power-the-us-cybersecurity-strategy-2023/
Government Accountability Office. (2023, June 29). Cybersecurity: Launching and implementing the national cybersecurity strategy (GAO-23-106826). https://www.gao.gov/products/gao-23-106826
Institute for Security and Technology. (2023). IST reviews the 2023 national cybersecurity strategy: Analysis and next steps. https://securityandtechnology.org/blog/ist-reviews-the-2023-national-cybersecurity-strategy-analysis-and-next-steps/
Sharpe, A. (2023). USA: The three Rs of the US national cybersecurity strategy: Responsibility, regulation, and resilience. DataGuidance. https://www.dataguidance.com/opinion/usa-three-rs-us-national-cybersecurity-strategy
