What do industry and cybersecurity experts want in the upcoming national cyber strategy?

Chris Inglis takes a question from the audience during the Cyber Roundtable at Scott Air Force Base on May 2, 2018. Inglis, now serving as National Cyber Director, is leading efforts to develop a new national cyber strategy.

Chris Inglis takes a question from the audience during the Cyber Roundtable at Scott Air Force Base on May 2, 2018. Inglis, now serving as National Cyber Director, is leading efforts to develop a new national cyber strategy. Maj. Jon Quinlan/Air Force

The White House has been working with a range of industry stakeholders and cybersecurity experts on a forthcoming plan that could transform America’s cyber landscape. Here’s what they hope makes it into the new strategy.

The Office of the National Cyber Director, the federal agency tasked with advising the White House on cyber issues, didn't even exist when the last national cybersecurity strategy was released under former President Donald Trump in 2018. 

Now, the office and its director, Chris Inglis, will soon be tasked with spearheading the implementation of a new, forthcoming cyber strategy – one that could dramatically transform the digital landscape and America's cybersecurity posture. 

Inglis has said that ONCD worked in close collaboration with federal agencies, industry partners and key stakeholders while developing the plans that are due to be released in the coming days, though it may take a few months to finalize the official strategy. 

The director also said at a conference last month that the plan will address market forces and push cyber regulation "a bit further, as we have for cars," with the strategy aiming to promote "affirmative intentionality."

While the previous administration has been criticized over a confusing legacy of cyber policies, Inglis’ office appears determined to produce a unified strategy around cybersecurity; one that improves public-private collaboration and information-sharing efforts, ensures federal coherence and aligns resources to increase cyber resilience. 

But in order to make the strategy a success, Inglis has noted the effort will take a holistic approach and strong investments from industry stakeholders and other White House partners. 

Intentionality was a primary reason Congress authorized the establishment of the ONCD, according to Josh Brodbent, regional vice president of solutions engineering at BeyondTrust and Industry Chair of the ATARC Zero Trust Working Group. 

“Historically, misalignment and disorganization have been systemic challenges for the government,” Brodbent said. “Deliberate cybersecurity practices demand collaboration to avoid challenges due to a lack of intentionality.”

Ross Nodurft, executive director of the Alliance for Digital Innovation and a former head of the Office of Management and Budget's cyber team, told FCW that the ONCD's engagement with industry and stakeholders has been appreciated. Nodurft’s organization has encouraged ONCD to aim towards "harmonizing the regulatory landscape to encourage security over compliance,” he added.

Nodurft said ADI would like the strategy “to recognize the intrinsic security value that modernizing information technology brings to any organization," adding that adopting cloud-based technology "that embraces a zero trust architecture can be the fastest way to improve security across any enterprise.”

ONCD prioritized stakeholder engagement as one of its top lines of effort in a statement of strategic intent after the office was established through the fiscal year 2021 National Defense Authorization Act. 

The document also emphasized cultivating more secure supply chains and critical infrastructure sectors through improved planning and incident response, budget reviews and assessments of federal cyber resources, in addition to expanded collaboration with the public and private sectors on technology and ecosystem security. 

The White House has meanwhile continued to release a wave of guidance for agencies to bolster their cyber posture and improve overall security efforts, including a federal zero trust architecture strategy and an earlier executive order on improving the nation's cybersecurity.  

With limited resources and an ever-expanding grab bag of cybersecurity challenges to choose from, federal agencies run the gamut in terms of their overall cybersecurity posture and maturity in their approaches to things like a ZTA architecture framework. 

Lena Smart, chief information security officer of the developer data platform MongoDB, told FCW “a unified national strategy would be a show of strength in terms of bringing together expertise from government agencies and having one plan to follow, rather than a disjointed disparate melange of mini-projects all destined for failure.”

Smart also added that ONCD has an opportunity with the strategy to promote the Software Bill of Materials (SBOMs), which essentially serves as inventory lists for software products, but their use could be stifled without expanded information sharing.

“As of now, there isn’t a central repository for data to be stored and shared,” she noted. “SBOMs are a great requirement and will definitely help limit the damage that another Log4J event could cause, but if there isn’t a streamlined process where all agencies and FedRAMP-authorized vendors can submit and peruse SBOMs, then that is an opportunity for excellence lost.”

Officials have previously called on the Cybersecurity and Infrastructure Security Agency to oversee a central repository for SBOMs. Amy Hamilton, senior cybersecurity advisor for the Department of Energy, testified in November that it will be an "extraordinarily intensive" challenge for agencies to utilize SBOMs without a central repository.

Asked to comment on the forthcoming strategy, a representative for CISA referred FCW to the White House. ONCD and the White House have declined to provide a specific timeline for the release or finalization of the national cybersecurity strategy. 

Davis Hake, whose cyber insurance company Resilience has participated in discussions with the White House to help build the forthcoming strategy – including last year's White House cybersecurity summit – said the guidance should also "prioritize efforts to fight ransomware collaboratively through information sharing on actionable intelligence."

"Issues that were small nuisances several years ago, like ransomware, are now Main Street problems faced by a range of US businesses," he said. "On the other end of the spectrum, geopolitical conflicts like the war in Ukraine have the potential for grave consequences to our national critical infrastructure."

Davis added that the strategy "should be a risk management guide for how we build resilience in our digital infrastructure in spite of new and unexpected threats."

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.