Breaking Down the New National Cybersecurity Strategy

Federal Computer Week Feature: Edge Computing and Hybrid Cloud are Keys to Modernization

March 22, 2023

Doubling Down on Data Storage

April 7, 2023

March 28, 2023

In March 2023, The White House announced a new National Cybersecurity Strategy. The strategy outlines numerous broad goals for transforming government and critical industrial base through IT modernization. Usually, federal strategies such as these call on agencies or critical infrastructure industries to implement changes.

However, this strategy for securing critical infrastructure recognizes that government must use all tools of national power. For example, using federal purchasing power, the strategy begins to move more security responsibility to the providers of software and services. Additionally, it relies on regulations and requirements to “support national security and public safety” for supply chain cyber risks, and transfers some of those risks to the companies that create software.

Supply chain threats have allowed hackers to insert malicious code and caused major breaches and are some of the most difficult attacks to detect and respond to, typically because of weaknesses in software code. By requiring industry to use secure development standards and coding practices transfers some of the liability to software vendors that were previously shielded. It incorporates the principal of ‘duty of care’ in product development, i.e., a good-faith effort that a reasonably prudent person would make.

The National Cybersecurity Strategy is part of several recent software-based security directives. The Office of Management and Budget (OMB) released security guidance for software to agencies last fall, and in draft is a new Federal Acquisition Regulation requiring software suppliers to comply with secure development standards. The directive envisions working with Congress and the private sector over the long term to develop reasonable software liability legislation for all sectors of the economy. This will immediately influence federal market purchasing decisions in all IT areas.

Like the previous Zero Trust Pillars, the strategy encompasses broad goals and expands into a broader strategy for improving cybersecurity resilience.

The five pillars are:

Defend critical infrastructure
Disrupt and dismantle threat actors
Shape market forces to drive security and resilience
Invest in a resilient future
Forge international partnerships to pursue shared goals

As with others, this White House Strategy will be followed by clarification from the OMB and guidance from the Cybersecurity Infrastructure Agency (CISA) as the nation moves from protecting government and critical infrastructure to a broader application of security to business.

Ready to Get Started?

At Presidio Federal we aim to simplify the steps agencies should take to ensure they have a strong, resilient cybersecurity strategy and a fully equipped team. We serve as a trusted strategic partner to guide from strategy development, testing, evaluation, and beyond and provide agencies the secure infrastructure they need while ultimately, streamlining their cyber journey.

You can learn more about our cyber focused insights and resources on our Consolidating Cyber Support Microsite, explore our Security Center of Excellence, and start the conversation on working together here.