Aug 3, 2023
Three months after releasing the National Cybersecurity Strategy (NCS) 2023, the Biden-Harris administration followed up on the agenda by releasing the first official draft of an implementation plan. On July 13, 2023, the White House set the ball rolling on improving and strengthening America’s cybersecurity posture. The multiyear implementation plan, NCSIP, was indeed everything that the governing bodies and industry leaders hoped for and more. From answering the who, what, and how of all the pointers in the NCS 2023 to hashing out a proper timeline to work on every single agenda, the NCSIP lays down a proper roadmap.
So, as we’ve seen, earlier this year, the U.S. government officially replaced the 2018 Trump administration cybersecurity strategy by releasing the latest iteration of the country’s cybersecurity plans. The new National Cybersecurity Strategy effectively builds on its predecessor, with finer tweaks to cater to the needs of the current cyberspace. Essentially, the strategy strives to strike the perfect balance between maintaining the progress achieved in various areas and advancing and refining the strategic initiatives initially introduced by the 2008 Comprehensive National Cybersecurity Initiative.
The new strategy emphasizes two significant shifts
This approach offers a new outlook on how the government and private sector handle cyber risks. It recognizes that users often bear an uneven burden in managing these risks. It suggests a significant change by advocating for legislation that holds providers responsible for not meeting crucial security standards. While reaffirming the government’s role in safeguarding its systems and conducting diplomatic, law enforcement, and intelligence activities, the strategy highlights the importance of private entities proactively safeguarding their systems.
A lot of chatter around the net might lead you to believe that the entire 39-page strategy boils down to transparent cooperation between public and private sectors (or state and non-state actors, if you will) to secure cyberspace. However, it’s not that simple. And that is probably why the strategy has a five-pillar-based approach. Here’s a look at the five pillars to get a quick grasp of their priorities.
National security, public safety, and economic prosperity sum up the primary concerns of any country. And, of course, defending critical infrastructure is crucial to ensuring all three. Establishing a collaborative defense model that shares responsibility and enhances security is essential. This, right here, is the basis of the first pillar of the NCS. And so, cybersecurity protections are being mandated in critical sectors, with potential regulations for others. Citing the “Shields Up” campaign, the first pillar advocates for increased private sector involvement. The Federal Government is focusing on improving its own cybersecurity, aiming to be a model for secure and resilient systems in critical infrastructure nationwide. Here’s a sneak peek at the priorities.
The United States is committed to using all available means, including diplomacy, military, intelligence, and law enforcement capabilities, to counter and dismantle threat actors that pose a risk to its interests. And so, the goal of the NCS’s second pillar is to prevent sustained cyber campaigns that threaten national security and public safety. The focus is on enhancing collaboration, intelligence sharing, and disruption campaigns to deny adversaries the use of U.S. infrastructure and combat global ransomware efforts. Here’s a quick rundown of the priorities for the second pillar.
A secure and resilient digital future. This promise is why the United States aims to influence market dynamics by assigning responsibility for reducing cybersecurity risk to those best positioned within the digital ecosystem. The goal of the third pillar is to shift the impact of poor cybersecurity away from the vulnerable, making the ecosystem more trustworthy. Market forces will be guided to enhance the country’s resilience and security while preserving innovation and competition in the digital economy. Moreover, the Administration will ensure the long-term security and resilience of the digital ecosystem against current and future threats. The objective is to foster better cybersecurity practices and provide market stability during catastrophic events. Priority listings under this pillar include:
Investments made today are essential for a resilient and thriving digital future. The United States aims to create a more secure, resilient, private, and equitable digital ecosystem through strategic investments and collaborative efforts. By doing so, the U.S. will maintain its role as a global leader in secure next-gen technologies and infrastructure.
Crucial elements of the digital ecosystem, like the Internet, are the results of joint public and private investments. However, cybersecurity investments have lagged behind evolving threats. As new digital infrastructure emerges and revolutionary tech changes approach, addressing this investment gap becomes more urgent. And so, the fourth pillar of the strategy shines a light on how the Federal Government will use public investments in innovation, R&D, and education to drive sustainable outcomes in the national interest. Various programs, including the National Science Foundation’s initiatives and new grant opportunities, will be leveraged to ensure U.S. leadership in technology and innovation. The goal is to combine innovation with security to counter adversarial threats and ensure resilience as an integral part of new technical capabilities. Here’s a look at the priorities.
The United States aims to establish a global environment in which responsible state behavior in cyberspace is rewarded, while irresponsible actions are punished. And so, the U.S. plans to collaborate with international partners by leveraging coalitions and partnerships among like-minded nations to address threats to the digital ecosystem. Historically, the U.S. has utilized international institutions like the United Nations to develop norms and measures for responsible state behavior in cyberspace. This includes frameworks like the UN Group of Governmental Experts and the Budapest Convention on Cybercrime. The fifth pillar of the NCS promises to continue with these efforts and prioritize:
Across the five-pillar-based approach of the new National Cybersecurity Strategy, the overarching vision of the Strategy is to safeguard the potential of the digital future by ensuring that the ecosystem becomes:
And that, ladies and gentlemen, is the new NCS in a nutshell. So now, what is the NCSIP, the National Cybersecurity Strategy Implementation Plan?
If the strategy represents the president’s vision for the future, then this implementation plan is the roadmap to get there.
This is what the Acting National Cyber Director (NCD) Kemba Walden had to say about the 57-page document. So, let’s get back to our original question of what exactly the NCSIP is. Well, to put it simply (at the cost of sounding redundant 😁), the NCSIP is an implementation plan for the NCS. Accordingly, the plan delineates around sixty-five high-impact initiatives. These are initiatives that various agencies must undertake to proactively address emerging threats. Also, the plan specifies a detailed timeline for achieving these objectives. While eighteen agencies will spearhead individual initiatives, the majority of the plan’s goals necessitate close interagency collaboration.
As mentioned, eighteen federal departments and agencies have been chosen to lead various initiatives. Notably, key responsibilities are assigned to entities such as the Office of the National Cyber Director (ONCD), Cybersecurity and Infrastructure Security Agency (CISA), National Institute of Standards and Technology (NIST), Department of Defense, Department of Justice, Department of State, Department of Homeland Security, and the FBI. These organizations will play significant roles in the implementation process. The ONCD and the Office of Management and Budget (OMB) will take point in leading the administration’s efforts and funding proposals respectively. Now, while the plan lacks immediate funding, it does reference forthcoming budget requests, including the Administration Cybersecurity Priorities for the FY 2025 Budget.
Moving on, keen ears here and there will catch news snippets referring to the NCSIP as a “living document.” Why is that? Well, this is because when compared with the one-time document that is the NCS 2023, NCSIP is supposed to evolve over time with multiple iterations. And it makes perfect sense too!
Just like the National Cybersecurity Strategy, the implementation plan, NCSIP, is also framed around the five-pillar-based approach and… more. What’s the “more?” Well, apart from the five pillars of the national cybersecurity strategy, there is an extra sixth element to the NCSIP. Basically, this extra element, “implementation-wide initiatives,” advocates for regular reporting on the progress of implementing the strategy, incorporating valuable insights gained from the process. It also emphasizes the need to align federal budgetary guidance with the strategy’s implementation to ensure its effective execution. Not bad for a first draft at all!
After a major drop like the National Cybersecurity Strategy Implementation Plan, the town was bound to be buzzing with opinions and remarks. And abuzz it was! From headlines and top stories to direct quotes from industry leaders and key players in cyberspace, the NCSIP has indeed been the talk of the town for the better part of these last two weeks. Skim along!
There’s more along the lines of these. However, the bottom line is that the NCSIP has created some powerful waves and will continue to do so throughout its run.
The pieces are on the board, and the wheel’s been set into motion. The Biden-Harris administration has ironed out the strategy and penned down the rules. All that is left to do is to play your roles right! Toodles, then!