The ranging strategy document includes plans for the collective defense of federal civilian executive branch agencies and a push for legislation to require software vendors to assume liability for the security of their products.
The newly installed National Cyber Director offered his take on the roles and responsibilities of his office, the Cybersecurity and Infrastructure Security Agency, the National Security Council and agency IT and security operations in responding to federal cyber incidents.
The White House is still considering whether to support the Cyberspace Solarium Commission's recommendation to establish a Bureau of Cyber Statistics, National Cyber Director Chris Inglis said on Monday, while stressing the urgent need for the federal government to begin assessing and publishing data on cybersecurity incidents.
Most agencies are just getting started creating plans around zero trust, but tight deadlines featured in President Joe Biden's cybersecurity executive order and a wave of new guidance, may speed up implementation across the entire government.
The chairman of the Senate Select Committee on Intelligence said he will introduce legislation to mandate that companies notify the government to major cybersecurity breaches, a promise several lawmakers have made this year.
Jen Easterly, selected to head the Cybersecurity and Infrastructure Security Agency and Chris Inglis, the former National Security Agency deputy director picked to fill the new national cyber director role, faced lawmakers concerned about the spike in ransomware attacks.
The executive order, which was published Wednesday night, contains deadlines for CISA, the Department of Homeland Security, the Office of Management and Budget and other agencies to begin reworking the government's cybersecurity with some timelines as short as 30 days from its signing.
Senior administration officials say multiple government agencies are working to distribute information to industry about the ransomware attack that led to the shutdown of a key natural gas pipeline for the East Coast.
The government's cybersecurity watchdog is increasingly issuing emergency instructions to agencies for handling high-risk vulnerabilities, something analysts say reflects both CISA's stature and the environment its working in.
Chris Krebs, the former CISA director, has been vocal in recent months about the need for his old job to be filled in short order while the administration confronts multiple cybersecurity problems within the federal government.
Jake Sullivan, the national security advisor, says President Joe Biden discussed both the supply chain attack on SolarWinds and vulnerabilities being exploited in Microsoft Exchange with leaders of Japan, India and Australia.