US advances on cyber goals amid rapidly changing threat environment, White House says

National Cyber Director Harry Coker, shown here at a House hearing in January, said that the U.S. is "in the midst of a fundamental transformation in our nation’s cybersecurity" in an update on policy implementation. Kevin Dietsch/Getty Images

Cyber challenges in U.S. crosshairs include ransomware, AI, supply chain attacks and commercial spyware. A new version of an implementation plan might help address them.

The White House cyber czar’s office believes U.S. cybersecurity posture has improved over the past year as stakeholders implemented a sweeping strategy aimed at shoring up U.S. digital defenses. But it stressed that multiple threats are persisting.

Those include ransomware and continued cyberattacks on critical infrastructure, a pair of hacking behaviors that have made news for months. 

An update from the Office of the National Cyber Director on the cybersecurity posture of the United States also comes with a sequel to last year’s National Cyber Strategy Implementation Plan, which puts more directives under previously established pillars, including defending critical infrastructure and forging partnerships abroad.

Version two of the implementation framework includes a call to leverage “all instruments of national power” to make it harder for hackers to threaten national security or public safety, ONCD says.

“We are in the midst of a fundamental transformation in our nation’s cybersecurity,” said National Cyber Director Harry Coker in a statement. “We have made progress in realizing an affirmative vision for a safe, prosperous and equitable digital future, but the threats we face remain daunting.”

The Office of the National Cyber Director says that 33 of 36 initiatives under the first implementation plan due in the second quarter of 2024 are completed, with the final three in progress. An additional 33 are on track for completion over the next two years, including efforts to modernize federal civilian branch technology with a multi-year lifecycle plan to eliminate legacy systems.

The new implementation plan includes 31 new initiatives, including efforts aimed at shoring up cybersecurity across the healthcare, education and water sectors. The new initiatives also include plans to promote cybersecurity-focused shared services across the federal civilian executive branch and share cyber supply chain risk management tools across agencies.

Efforts to disrupt ransomware and address security risks stemming from open-source software also feature among the new initiatives, as does an initiative focused on advancing research and guidance on digital identity via the National Institute of Standards and Technology — a focus area that was left out of the initial implementation plan, to the frustration of stakeholders. 

The new implementation plan says that the digital identity work “may include” the publication of digital identity guidelines — something NIST is working on already — considerations for attribute validation tech or evaluation of facial recognition tech.

The cybersecurity workforce, the subject of its own strategy by the Office of the National Cyber Director, also gets some callouts in the updated implementation plan, including a focus on promoting skills-based hiring in the federal government and among its contractors.

As for the remaining threats these efforts are meant to combat, the report calls out the threat of supply chain exploitation, a growing market for commercial spyware, and the challenges presented to cybersecurity by artificial intelligence. 

“Continued progress in digital communications, advanced computing, quantum information science, data storage and processing, and other critical and emerging technologies are rapidly increasing the complexity of our economy and society,” the report on the cyber landscape states. 

“As this landscape evolves, malicious state and non-state actors are exploiting its seams with growing capability and strategic purpose, making clear that cyberspace is closely aligned with other domains of international conflict and competition,” it continues.

The White House’s cyber office says that the implementation plan will continue to be updated annually and that it will coordinate with the Office of Management and Budget to align annual budget requests with initiatives in the implementation plan.