Last week the Biden-Harris administration released the National Cybersecurity Strategy. Some of the key messages emphasize where the U.S. government wants to allocate its cybersecurity spending and who should be responsible for protecting cyberspace. In September 2022 the Biden-Harris administration announced $1 billion in funding for state and local governments through the bipartisan Infrastructure Investment and Jobs Act (IIJA). $185 million was allocated for fiscal year 2022. The IIJA also created the Cyber Response and Recovery Fund. This fund gives CISA $100 million over 5 years for added resources to respond to cyber incidents and to offer grants to state and local governments. The National Cybersecurity Strategy approach focuses on five pillars, which highlight the likely goals for this future spending.
Below are some of the standout initiatives within the five pillars:
1. Defend Critical Infrastructure
The National Cybersecurity Strategy focuses on expanding the use of minimum cybersecurity requirements in critical sectors, and modernizing Federal networks.
2. Disrupt and Dismantle Threat Actors
The Strategy emphasizes both engaging the private sector and addressing ransomware threats through a “comprehensive Federal approach and in lockstep with our international partners”.
3. Shape Market Forces to Drive Security and Resilience
This strategy directly announces placing the responsibility of cybersecurity on software producers and away from the consumer:
“We will place responsibility on those within our digital ecosystem that are best positioned to reduce risk and shift the consequences of poor cybersecurity away from the most vulnerable in order to make our digital ecosystem more trustworthy, including by:
Shifting liability for software products and services to promote secure development practices”
4. Invest in a Resilient Future
The strategy focuses on investing more in next-generation technologies and developing a “diverse and robust national cyber workforce”.
5. Forge International Partnerships to Pursue Shared Goals
The final pillar aims to increase collaboration and accountability of international partners by increasing their capacity to defend against cyber threats. It also states the importance of securing global supply chains for ICT products and services.
The strategy specifically focuses on combatting ransomware and holding software developers responsible for their products’ cybersecurity. The Biden-Harris strategy also mentions increasing the minimum cybersecurity requirements for Federal networks and critical infrastructure. These announcements are important because this strategy will dictate funding and regulations over the next few years. The strategy’s goal to “Invest in a Resilient Future” is already implemented in the $185 million of funding in the Infrastructure Investment and Jobs Act. One of the main purposes of the funding is cybersecurity workforce development. State and local government applicants are also required to create a cybersecurity planning committee that oversees a cybersecurity plan. These cybersecurity plans need to address protecting against ransomware attacks through improving cybersecurity incident response and identifying areas to improve cybersecurity posture.