The White House has unveiled a US cybersecurity strategy and associated policies that aim to protect the country from cyberattacks. The new National Cyber Strategy, unveiled Thursday, is the "first fully articulated cyber strategy for the United States since 2003," according to a blog from Grant Schneider, federal chief information security officer and senior director for cybersecurity policy.
The complete strategy, outlined in this 40-page PDF, includes four key tenants or goals or pillars:
- Defend the homeland by protecting networks, systems, functions, and data;
- Promote American prosperity by nurturing a secure, thriving digital economy and fostering strong domestic innovation;
- Preserve peace and security by strengthening the ability of the United States — in concert with allies and partners — to deter and, if necessary, punish those who use cyber tools for malicious purposes; and
- Expand American influence abroad to extend the key tenets of an open, interoperable, reliable, and secure Internet.
The document hints that the United States will aggressively counter cyber attackers. Within pillar three, the document calls for steps that:
- Attribute and Deter Unacceptable Behavior in Cyberspace
- Lead with Objective, Collaborative Intelligence
- Impose Consequences
- Build a Cyber Deterrence Initiative
- Counter Malign Cyber Influence and Information Operations
White House: Ready to Counter Nation State Cyberattacks?
The White House strategy arrives only a couple weeks after a bipartisan companion bill called on the President to act against foreign hackers targeting the US. At the same time, foreign governments -- including Germany -- have been exploring ways to develop their own cyber technologies while depending less on foreign suppliers.
Meanwhile, industry watchers say the US needs to build policies and systems that deter hackers from attacking -- much in the way that NATO and other international organizations may have deterred physical military attacks in recent decades, those pundits say.
Overall, the US has suffered from a "fundamental deterrence failure" in the cybersecurity sector, US Marine Corp. Officer and Endgame CEO Nate Fick told attendees at a SolarWinds MSP conference earlier this week in Phoenix, Arizona.
Adversaries, Fick noted, don’t believe the US will launch a counter-cyber strike against attackers. The attackers therefore operate unchecked -- launching cyber strikes against the US government and business infrastructure with little fear of retribution.
Still, Fick warned US businesses to avoid a counter-attack mentality -- since foreign nation states are well-equipped to escalate their attacks against businesses. Instead, he called on the US government to develop stronger policies that deter would-be attackers.