TheCorporateCounsel.net

The White House Office of the National Cyber Director (ONCD) recently released several reports on the United States’ cybersecurity posture and strategic plan. These documents implement the 2023 National Cybersecurity Strategy (NCS).

As this Jenner & Block alert notes, ONCD Director Harry Coker, Jr. indicates that the United States’ cybersecurity regime is in the midst of “a fundamental transformation,” moving from a reactive to a proactive posture in order to keep pace with a fast-evolving cyber threat landscape. The Jenner alert further notes the following key takeaways:

The Posture Report is largely retrospective and serves as an index of the federal cyber initiatives over the past year, listing the various accomplishments of the over 24 federal agencies contributing to this effort. Conversely, the NCSIP is prospective and outlines the 100 initiatives the federal government will take to implement the NCS.

Together, these reports analyze the challenges and opportunities ONCD plans to target in the next year. The benchmarks point toward an increased scrutiny of and reliance on the private sector to reshape the digital ecosystem and enhance the United States’ resilience to cyber threats. Private sector organizations often have visibility into certain aspects of malicious activity that the federal government does not and hold much of the power to reverse insecure practices by implementing Secure by Design principles and patching security vulnerabilities. Another trend is an increased focus on developments in advanced computing technologies like quantum computing and AI and preparing for these technologies via cyber workforce training and interagency coordination.

Furthermore, the federal government is looking externally to risks posed by China, Russia, Iran, and North Korea, and non-state criminal organizations. However, these reports stress that many of the solutions to these risks are also external to the United States, based in coalition building and compatible international standards.

Overall, these communications emphasize the importance of the private sector to address the ever-changing cybersecurity threat environment.

– Dave Lynn