White House Issues National Cybersecurity Strategy Implementation Plan

July 13, 2023 - The Biden-Harris Administration issued its National Cybersecurity Strategy Implementation Plan (NCSIP), which provides a detailed roadmap to achieving the National Cybersecurity Strategy. The Administration published the National Cybersecurity Strategy in March, aimed at improving cyber resilience, disrupting cyber threat operations, and shifting and defining cyber defense responsibilities across the United States.

The NCSIP outlines more than 65 federal initiatives aligned with the National Cybersecurity Plan, some of which are already underway.

“It outlines a path for achieving two significant shifts: the need for more capable actors in cyberspace to bear more of the responsibility for cybersecurity and the need to increase incentives to make investments in long term-resilience,” the document states.

The National Cybersecurity Strategy consists of five pillars: defend critical infrastructure, disrupt and dismantle threat actors, shape market forces to drive security and resilience, invest in a resilient future, and forge international partnerships to pursue shared goals.

Each initiative outlined in the NCSIP aligns with one of the five pillars. Eighteen agencies will lead the whole-of-government plan, which consists of a variety of activities, including updating the National Cyber Incident Response Plan and combating ransomware via the Joint Ransomware Task Force.

Other initiatives include exploring a federal insurance backstop, developing a strategy for strengthening the nationwide cyber workforce, and driving the development of security Internet of Things (IoT) devices.

As reported when the strategy was first released, the healthcare sector, like other critical infrastructure sectors, will be impacted by these initiatives. The strategy’s focus on securing IoT devices and disrupting major ransomware operations will ideally ease the burden on healthcare organizations and further define security roles and responsibilities across the industry.

“This strategy recognizes that robust collaboration, particularly between the public and private sectors, is essential to securing cyberspace. It also takes on the systemic challenge that too much of the responsibility for cybersecurity has fallen on individual users and small organizations. By working in partnership with industry; civil society; and State, local, Tribal, and territorial governments, we will rebalance the responsibility for cybersecurity to be more effective and more equitable,” Joe Biden stated in the introduction to the NCSIP.

“We will realign incentives to favor long-term investments in security, resilience, and promising new technologies. We will collaborate with our allies and partners to strengthen norms of responsible state behavior, hold countries accountable for irresponsible behavior in cyberspace, and disrupt the networks of criminals behind dangerous cyberattacks around the globe. And we will work with the Congress to provide the resources and tools necessary to ensure effective cybersecurity practices are implemented across our most critical infrastructure.”