In early March this year, as reported by the OODALoop website, the unveiling of the National Cybersecurity Strategy 2023 at the White House was a testament to the weight that the U.S. government places on cybersecurity, as it considers the publication to be truly incredible and the best of all the strategy documents produced over the decades, as well as a job well done by the leadership of the White House Office of the National Cyber Director.
It should not be forgotten that 2022 was marked by threats, incidents and vulnerabilities of breath-taking and relentless frequency, volume and scale. The vital role of federal cybersecurity professionals was highlighted by the U.S. government. They are considered to be the defenders who successfully fight to protect the homeland against a major cyberattack in the field of information and communication technologies (ICT), physical security, critical infrastructure or industrial control systems (ICS).
However, the strategy document is a clear look at the crucial role the private sector has always played in an industry sector led almost exclusively by governance, innovation, market forces, platforms and private sector products.
To this end, the 2023 National Cybersecurity Strategy lays out two fundamental changes in the way the United States allocates roles, responsibilities, and resources to cyberspace, and states that, in making these changes a reality, it aims not only to improve defences, but to change those underlying dynamics that currently work against U.S. interests. The two fundamental changes are:
- Rebalancing the responsibility for defending cyberspace by shifting the burden of cybersecurity away from individuals, small businesses and local governments, and doing so towards the organisations that are most capable and best positioned to reduce risks to all citizens.
- Realigning incentives to favour long-term investments and strike a careful balance between fending off today’s urgent threats while strategically planning for and investing in a resilient future.
This strategy recognises that the government must use all the tools of national power in a coordinated manner to protect national security, public safety and economic prosperity.
The strategy also shifts the burden of dealing with cyber threats from consumers and small businesses to technology companies that provide software, systems and services.
The roadmap, if adopted into law, would likely make technology companies liable for any vulnerabilities in their code that lead to a cyberattack.
The White House strategy document also calls out the governments of China, Russia, Iran, North Korea and other states considered autocratic for their reckless disregard for the rule of law and human rights in cyberspace.