Content, Americas, Channel markets

Trump’s National Cybersecurity Plan Stresses “Resilience”

Earlier this month, President Trump released his maiden national security strategy, a document that covers confrontations with Russia and China the administration sees as contrary to U.S. interests. The 55-page volume, entitled National Security Strategy of the United States of America, December 2017, also contains 2 ½ pages on cyber security called Keeping America Safe in the Cyber Era.

For the most part it’s high-level stuff, long on policy and short on details. Resilience seems to be a theme running through the pages: It and “resilient” are mentioned 11 times in the relatively small space. The government frames resilience as the “ability to withstand and recover rapidly from deliberate attacks, accidents, natural disasters, as well as unconventional stresses, shocks, and threats to our economy and democratic system.”

Here's the Trump cyber security doctrine (quotes in italics):

On the overall cyber security landscape:

  • Today, cyberspace offers state and non-state actors the ability to wage campaigns against American political, economic, and security interests without ever physically crossing our borders.
  • The government must do a better job of protecting data to safeguard information and the privacy of the American people.
  • Security was not a major consideration when the Internet was designed and launched. As it evolves, the government and private sector must design systems that incorporate prevention, protection, and resilience from the start, not as an afterthought.

Five ways the feds intend to address the issues:

  • Identify and prioritize risk
    To improve the security and resilience of our critical infrastructure, we will assess risk across six key areas: national security, energy and power, banking and finance, health and safety, communications, and transportation.
  • Build defensible government networks
    We will use the latest commercial capabilities, shared services, and best practices to modernize our federal information technology.
  • Deter and disrupt malicious cyber actors
    The United States will impose swift and costly consequences on foreign governments, criminals, and other actors who undertake significant malicious cyber activities.
  • Improve information sharing and sensing
    The U.S. government will work with our critical infrastructure partners to assess their informational needs and to reduce the barriers to information sharing, such as speed and classification levels.
  • Deploy layered defenses
    The U.S. government will work with the private sector to remediate known bad activities at the network level to improve the security of all customers.

On building “cyber resilience,” here are the White House's four priority actions:

  • Improve risk management
    The United States will improve its ability to assess the threats and hazards that pose the greatest risks to Americans and will prioritize resources based on the highest risks.
  • Build a culture of preparedness
    This administration will take steps to build a culture of preparedness, informing and empowering communities and individuals to obtain the skills and take the preparatory actions necessary to become more resilient against the threats and hazards that Americans face.
  • Improve planning
    State and local governments must conduct realistic exercises that test existing plans to make sure that they are sound and can be executed. Agencies from all levels of government must coordinate better and apply lessons learned from exercises to pinpoint the areas and capabilities that require improvement.
  • Incentivize information sharing
    To improve the coordination among the private sector and all levels of government that is needed to improve resilience, we must make a stronger commitment to protecting sensitive information so that all partners actively identify and share vulnerabilities and work collaboratively to reduce them.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.