Acting National Cyber Director Explains New Cybersecurity Strategy to Congress

As much of Capitol Hill had its attention turned to the hearing over TikTok’s handling of Americans’ data, the House Committee of Oversight and Accountability heard testimony from Acting National Cyber Director Kemba Walden on how to implement the National Cybersecurity Strategy.

In opening statements, Walden outlined several pillars the national strategy plans to rely on when incorporating stronger defenses into U.S. digital networks. These include forming international partnerships, investing in a workforce, incentivizing stronger cybersecurity requirements, disrupting threat actors, and implementing stronger security measures. 

The paramount principle guiding the strategy, however, is imparting more responsibility on the federal government and Big Tech players to safeguard U.S. networks.

“The biggest, most capable and best positioned actors in our digital ecosystem can and should shoulder a greater share of the burden for managing cyber risk and keeping us all safe––and that includes the federal government,” Walden said.

When the strategy was initially introduced roughly three weeks ago, the Biden administration noted that this would include helping smaller businesses keep up with more rigorous cybersecurity requirements––part of the strategy’s plan to incentivize more robust, and potentially more costly, cybersecurity defense systems. 

Walden also noted that fostering a strong cybersecurity workforce would mean, among other things, broaden the scope of eligible candidates.

“The idea is to make sure that we are not putting up or imposing barriers to recruitment, and that we are also putting in incentives for retention,” she said. 

Walden continued to say that the administration is coordinating efforts with the Office of Personnel Management to harmonize what federal agencies need from a cybersecurity and digitally-savvy workforce.

“What we really offer is mission as a sense of moral enlightenment, in many ways,” she said. “That's the secret sauce here.”

Offering cyber insurance is another approach to bolstering the cybersecurity baseline of U.S. entities. Walden said that reinforcing, or backstopping, businesses taking precautions to improve their cybersecurity posture is on the table.

“That is indeed one of the tools that we are considering, cyber insurance backstop,” she said. “So think of flood insurance, for example. In order to make sure that cybersecurity small and medium businesses don't bear the full cost of security breach while we're also working on making sure that the systems are resilient.”

Agencies like the Department of Treasury have said that it is investigating a viable cybersecurity marketplace following a 2021 recommendation from the Government Accountability Office suggesting there is sufficient demand for assistance in the event of a zero day. 

Synchronizing standards for the digital ecosystem also plays a role in a stronger cybersecurity culture. Walden stated that updating standards within ubiquitous and sensitive softwares, namely cloud service providers, would also be important. 

All of these initiatives, Walden confirmed, will be evaluated with a strong metrics-based approach.

“The federal government will take a data-driven approach and will measure investments made progress and the outcomes and effectiveness of these efforts,” she said. “Work is already underway putting this strategy into action.”