{"id":95480,"date":"2023-07-14T18:00:24","date_gmt":"2023-07-14T18:00:24","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4135852"},"modified":"2023-07-14T18:00:24","modified_gmt":"2023-07-14T18:00:24","slug":"white-house-launches-cybersecurity-implementation-plan","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=95480","title":{"rendered":"White House Launches Cybersecurity Implementation Plan"},"content":{"rendered":"<figure id=\"attachment_4050564\" aria-describedby=\"caption-attachment-4050564\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4050564\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/07\/white-house-launches-cybersecurity-implementation-plan.jpg\" alt=\"The White House press conference podium.\" width=\"770\" height=\"578\"><figcaption id=\"caption-attachment-4050564\" class=\"wp-caption-text\">Image: Maksym Yemelyanov\/Adobe Stock<\/figcaption><\/figure>\n<p>U.S. President Biden\u2019s administration this week released the first iteration of the National Cybersecurity Strategy Implementation Plan, which was <a href=\"https:\/\/www.techrepublic.com\/article\/biden-admin-cloud-cybersecurity\/\">announced in March 2023<\/a>. 
The plan aims to boost public and private cybersecurity resilience, take the fight to threat actors, beef up the defense of infrastructure and draw a clear national roadmap of cybersecurity responsibilities.<\/p>\n<h2 id=\"what\">What are the pillars of this cybersecurity plan?<\/h2>\n<p>Each initiative in the plan aligns with one of the five essential pillars:<\/p>\n<ul>\n<li>Defend critical infrastructure.<\/li>\n<li>Disrupt and dismantle threat actors.<\/li>\n<li>Shape market forces to drive security and resilience.<\/li>\n<li>Invest in a resilient future.<\/li>\n<li>Forge international partnerships to pursue shared goals.<\/li>\n<\/ul>\n<p>There are more than 65 federal initiatives under the banner of a National Cybersecurity Strategy Implementation Plan. According to a <a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2023\/07\/National-Cybersecurity-Strategy-Implementation-Plan-WH.gov_.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">White House document<\/a> about the plan, it looks at two critical areas: the need for more \u201ccapable actors\u201d in cyberspace to shoulder more cybersecurity responsibilities and the need to incentivize and invest in long-term resilience.<\/p>\n<p>Eighteen agencies will lead the whole-of-government plan, which consists of a variety of activities, including updating the National Cyber Incident Response Plan and combating ransomware via the Joint Ransomware Task Force.<\/p>\n<p><strong>SEE: The White House is also <\/strong><a href=\"https:\/\/www.techrepublic.com\/article\/white-house-harness-ai\/\"><strong>eyeing AI<\/strong><\/a><strong> (TechRepublic)<\/strong><\/p>\n<h3>Wanted: National cyber director<\/h3>\n<p>Drew Bagley, CrowdStrike\u2019s vice president, Counsel of Privacy and Cyber Policy, who the company said had an early look at the White House\u2019s plan, commented on the federal government\u2019s order of operations running through fiscal 2026.<\/p>\n
<p>He said, \u201cThis is especially important because many items in the Strategy include multiple dependencies. While the Implementation Plan covers a lot of ground, it\u2019s clear that the authors applied significant focus on the broad application of Secure-by-Design\/Secure-by-Default principles.\u201d<\/p>\n<p>Referring to the first pillar, which is focused on securing infrastructure with a concentration on private\/public partnerships, Bagley said the Plan not only dedicates attention to clarifying the roles of risk management agencies but also places important responsibilities in the hands of the Office of Management and Budget.<\/p>\n<p>The Plan\u2019s release comes a day after the Cybersecurity Coalition \u2014 with four other security and software industry groups cosigning \u2014 sent a <a href=\"https:\/\/www.documentcloud.org\/documents\/23871231-letter-of-support-for-ncd-embargoed\" target=\"_blank\" rel=\"noopener noreferrer\">letter<\/a> to the White House urging the Biden administration to nominate a new National Cyber Director before the end of the month.<\/p>\n<p>Bagley pointed out that the Office of the National Cyber Director will also lead certain key initiatives, including driving regulatory harmonization, running exercise scenarios and establishing cells to increase adversary disruption efforts.<\/p>\n<h2 id=\"software\">Software supply chain is a new focus<\/h2>\n<p>The third pillar of the Implementation Plan focuses on securing the software supply chain, focused on software design resilience. 
VMware\u2019s principal cybersecurity strategist Rick McElroy lauded this plan; he said securing cloud software \u2014 software as a service \u2014 needs special focus.<\/p>\n<p>\u201cThe current NCSIP shows this administration\u2019s commitment to cybersecurity, building on executive orders and funds dedicated to transforming and modernizing the federal government\u2019s cybersecurity posture, which is long overdue,\u201d McElroy said. \u201cOne consideration for this, however, is a Software Bill of Materials for Cloud software. What is a Cloud SBOM? What does that look like? Conversely, how can SBOMs be applied to practical cybersecurity defense to take advantage of that data to cut down noise?\u201d<\/p>\n<p>He added that the current working group being led by the Cybersecurity and Infrastructure Security Administration is working to address this. \u201cBut there remains a gap in SBOM discussions. SaaSBOM is a must in a cloud-first world,\u201d McElroy emphasized.<\/p>\n<h2 id=\"plan\">Plan includes taking the fight to cybercriminals<\/h2>\n<p>The second pillar of the Plan involves the Department \u201cIncreasing the volume and speed of disruption campaigns against cybercriminals, nation-state adversaries, and associated enablers (e.g., money launderers) by expanding its organizational platforms dedicated to such threats and increasing the number of qualified attorneys dedicated to cyber work,\u201d the Plan document states.<\/p>\n<p>The fifth pillar focuses on developing international collaboration; the administration\u2019s document said the federal government must develop coordinated operations.<\/p>\n<p>\u201cTo proactively defend ourselves, we also need a real-time map of cybercriminal activity across the internet. Organizations and countries are more than ready to form coalitions with their trusted allies to create a secure and thriving digital landscape,\u201d said Andrea Hervier, global head of partnerships at CrowdSec. 
Hervier was part of the French cybersecurity delegation that met with the CISA and teams at The White House in the leadup to the release of the strategy earlier this year.<\/p>\n<h2 id=\"balancing\">Balancing security regulation and best practices<\/h2>\n<p>Programs such as the CISA\u2019s effort to improve platforms for exchanging information will make it easier for organizations with fewer resources to understand, prioritize and respond to threats, according to Ron Nixon, federal chief technology officer at Cohesity and a former Army Cyber Command adviser. However, he worries about the stifling influence of over-regulation.<\/p>\n<p>\u201cThe balance between accountability for security best practices and not over-regulating remains tricky. I\u2019d like to see more clarity around how different agencies will lay down industry-specific guidance, as groups like hospitals, banks and SaaS startups will all have different assets, talent and capabilities,\u201d Nixon said. \u201cMy hope is that once the National Security Council clarifies this, and private-sector organizations are clear on best practices and nuances for their specific industry, they can then bring their entire organization up to par, holding their leadership \u2014 from cyber to IT, risk, legal and HR \u2014 accountable for fulfilling their end of the bargain.\u201d<\/p>\n<h2 id=\"private\">The private sector must keep the focus on cyber resiliency<\/h2>\n<p>John Hernandez, president and general manager at Quest Software and a former senior executive at Salesforce and IBM, said the federal government has been focused on cloud-first initiatives since 2016. 
He cited the government\u2019s work to fully implement cyber incident reporting requirements through the <a href=\"https:\/\/www.cisa.gov\/topics\/cyber-threats-and-advisories\/information-sharing\/cyber-incident-reporting-critical-infrastructure-act-2022-circia\" target=\"_blank\" rel=\"noopener noreferrer\">Cyber Incident Reporting for Critical Infrastructure Act of 2022<\/a>, as well as holding infrastructure-as-a-service providers and software makers to secure-by-design standards.<\/p>\n<p>\u201cHowever, while the strategy can take away much of the burden of setting cybersecurity standards and helping organizations with limited resources, private-sector leaders still need to hold themselves accountable and create a proactive, long-term resilience strategy,\u201d Hernandez said. \u201cMy recommendation is for enterprises with legacy infrastructure to invest in resilience from the inside-out, from both a technology and culture perspective, and ensure everyone has a stake in adapting to the latest ups and downs in the security ecosystem.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Image: Maksym Yemelyanov\/Adobe Stock U.S. President Biden\u2019s administration this week released the first iteration of the National Cybersecurity Strategy Implementation Plan, which was announced in March 2023. 
The plan aims to boost public and private cybersecurity resilience, take the fight to threat actors, beef up the defense of infrastructure and draw a clear national roadmap [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":95481,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,788,783,56,130,287],"tags":[],"class_list":["post-95480","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-cloud-security","category-cloudsync","category-cybersecurity","category-government","category-security"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95480","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=95480"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95480\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/95481"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=95480"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=95480"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=95480"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}