In March 2023, The White House announced a new National Cybersecurity Strategy. The strategy outlines numerous broad goals for transforming government and critical industrial base through IT modernization. Usually, federal strategies such as these call on agencies or critical infrastructure industries to implement changes.
However, this strategy for securing critical infrastructure recognizes that government must use all tools of national power. For example, using federal purchasing power, the strategy begins to move more security responsibility to the providers of software and services. Additionally, it relies on regulations and requirements to “support national security and public safety” for supply chain cyber risks, and transfers some of those risks to the companies that create software.
Supply chain threats have allowed hackers to insert malicious code and caused major breaches and are some of the most difficult attacks to detect and respond to, typically because of weaknesses in software code. By requiring industry to use secure development standards and coding practices transfers some of the liability to software vendors that were previously shielded. It incorporates the principal of ‘duty of care’ in product development, i.e., a good-faith effort that a reasonably prudent person would make.
The National Cybersecurity Strategy is part of several recent software-based security directives. The Office of Management and Budget (OMB) released security guidance for software to agencies last fall, and in draft is a new Federal Acquisition Regulation requiring software suppliers to comply with secure development standards. The directive envisions working with Congress and the private sector over the long term to develop reasonable software liability legislation for all sectors of the economy. This will immediately influence federal market purchasing decisions in all IT areas.
Like the previous Zero Trust Pillars, the strategy encompasses broad goals and expands into a broader strategy for improving cybersecurity resilience.
The five pillars are:
As with others, this White House Strategy will be followed by clarification from the OMB and guidance from the Cybersecurity Infrastructure Agency (CISA) as the nation moves from protecting government and critical infrastructure to a broader application of security to business.
Ready to Get Started?
At Presidio Federal we aim to simplify the steps agencies should take to ensure they have a strong, resilient cybersecurity strategy and a fully equipped team. We serve as a trusted strategic partner to guide from strategy development, testing, evaluation, and beyond and provide agencies the secure infrastructure they need while ultimately, streamlining their cyber journey.
You can learn more about our cyber focused insights and resources on our Consolidating Cyber Support Microsite, explore our Security Center of Excellence, and start the conversation on working together here.
Pure is redefining the storage experience and empowering innovators by simplifying how people consume and interact with data. Pure is delivering a modern data experience—empowering agencies to run their operations as a true, automated, storage as-a-service model seamlessly across all clouds
Our team doesn’t disappear after delivery. Your federal workforce and systems will be supported with the right level of resourcing and thought leadership to take your systems into the future.
We leverage the knowledge and experience of our extensive partner ecosystem to create an environment of collaborative efficiency. The teaming process is agile, accountable and transparent. We work with clients to make sure that their entire chain of command is well-informed and educated. No surprises, only mission-driven delivery of innovation.
Our solutions leverage proven Knowledge Centers to repurpose relevant past experience for efficiency, but are then customized to match the moment and unique circumstances of an agency customer. We bring the right partners to the table to collaborate around architecture and design and then innovate beyond the challenge; often introducing next-level opportunities for automation, collaboration and commerce. Our solutions address those modernization challenges that require breadth, depth and a level of technical thought leadership that comes with a team that has worked both inside and outside government. We often work with agency customers as they are thinking through a problem and arm them with the tools and knowledge to articulate project scope, timing and budget.
We are wholly mission-focused, providing our government clients with broad and deep technical expertise and independent perspective on leading technology solutions. We take the time to deeply understand client challenges from the start – as well as their definitions of success. We guide them in harnessing advances in emerging technology while also looking ahead to anticipate future applications and opportunities that are entrepreneurial, ripe for automation.