National Cyber Strategy Asks Large Companies to Assume Greater Defensive Role

The Office of the National Cyber Director (ONCD) has published its roadmap for implementation of the Biden Administration’s recently released National Cybersecurity Strategy.

The strategy calls for the largest companies in the U.S. to assume more responsibility to protect the nation’s critical infrastructure from cyberattacks and aid investments in cybersecurity.

Cyber Strategy Objectives

The Biden Administration's National Cybersecurity Strategy is focused on two primary objectives. One objective ensures that the “biggest, most capable, and best-positioned entities” in the public and private sectors take on more responsibility for lowering cyber risk. The other boosts incentives to fuel investment in cybersecurity in the long term.

The National Cybersecurity Strategy Implementation Plan (NCSIP) details some 65 high-impact federal initiatives. These range from “protecting American jobs by combating cybercrimes to building a skilled cyber workforce.” It also sets responsibilities and deadlines for 18 government agencies to streamline and strengthen cybersecurity regulation.

As this is the first edition of the plan, it serves as a living document that will be updated annually, the White House said.

National Cyber Director Kemba Walden offered a statement to reporters prior to the 57-page document’s release:

“The implementation plan does not capture all of the cybersecurity activities in the federal government, nor does it intend to. What it does do is capture key initiatives that we must get done in the near term.”

She said that the plan reflects the administration’s belief that cybersecurity will be bolstered only by “a whole of society approach,” The Record reported.

Under the implementation plan, each NCSIP initiative is assigned to a responsible agency along with a timeline for completion. Some of those initiatives, such as detailing the administration’s cybersecurity priorities for the fiscal year 2025 budget, have already been completed ahead of schedule. Others, including transmitting the Department of Defense 2023 Cyber Strategy to Congress, are key milestones for completing the initiatives.

The ONCD will be tasked with coordinating activities under the plan, delivering an annual report to the President and Congress on the status of implementation. The ONCD will partner with the Office of Management and Budget (OMB) to ensure funding proposals in the President’s Budget Request are aligned with NCSIP initiatives.

5 Pillars of the National Cybersecurity Strategy

The NCSIP is not designed to capture all federal agency activities in support of the NCS. The plan aligns with the five pillars and 27 strategic objectives of the National Cybersecurity Strategy released in March 2023, the White House said.

Here are some sample initiatives:

Pillar One: Defending critical infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) will update the National Cyber Incident Response Plan to more fully realize the policy that “a call to one is a call to all.” The update will also include clear guidance to external partners on the roles and capabilities of Federal agencies in incident response and recovery.

Pillar Two: Disrupting and dismantling threat actors

The FBI will work with federal, international and private sector partners to carry out disruption operations against the ransomware ecosystem, including virtual asset providers that enable laundering of ransomware proceeds.

CISA will offer resources such as training, cybersecurity services, technical assessments, pre-attack planning and incident response to high-risk targets of ransomware, such as hospitals and schools.

Pillar Three: Shaping market forces and driving security and resilience

CISA will lead work with key stakeholders to identify and reduce gaps in software bill of materials (SBOM). CISA will also explore requirements for a globally accessible database for end of life/end of support software and convene an international staff-level working group on SBOM.

Pillar Four: Investing in a resilient future

The National Institute of Standards and Technology (NIST) will convene the Interagency International Cybersecurity Standardization Working Group to coordinate major issues in international cybersecurity standardization and enhance U.S. federal agency participation in the process.

Pillar Five: Forging international partnerships to pursue shared goals

The Department of State will publish an International Cyberspace and Digital Policy Strategy that incorporates bilateral and multilateral activities. State will also work to catalyze the development of staff knowledge and skills related to cyberspace and digital policy to facilitate coordination with partner nations.