The Biden administration this month announced its highly anticipated National Cybersecurity Strategy. Since the release of the previous national strategy in 2018, the Cybersecurity and Infrastructure Security Agency was formed, the intent to achieve a zero-trust architecture was declared with Executive Order 14028, and the world endured an unprecedented pandemic that fundamentally reshaped how communities, businesses and workplaces operate.
Undeniably, the global cybersecurity landscape has changed dramatically over the past five years. With endpoints expanding and additional Internet-of-Things devices coming online each day, the administration’s stated goal, “to secure the full benefits of a safe and secure digital ecosystem for all Americans,” is more pressing than ever. The new strategy will help bolster the nation’s cybersecurity posture; however, there will be many challenges on the path to achieving a secure digital ecosystem for all.
Some prevalent, pervasive obstacles will include impediments to collaboration and interoperability, resource constraints, the lingering reliance on legacy IT systems and the need to remain agile in the face of an eternally evolving threat landscape. To implement the goals outlined in the new cyber strategy, federal agencies should proactively consider how these systemic challenges can be successfully overcome at their organization.
Forging public-private partnerships
The National Cybersecurity Strategy repeatedly emphasizes the importance of collaboration between government agencies, private sector companies and international partners. In fact, the document identifies “deep and enduring collaboration between stakeholders” as the “foundation upon which we make [the digital ecosystem] more inherently defensible, resilient, and aligned with U.S. values.” Collaboration and information-sharing enable organizations to pool their resources and threat intelligence to better prevent or respond to malicious cyber activity.
Clearly, collaboration is essential. However, ensuring effective coordination among disparate stakeholders may be challenging, particularly given the diversity of interests and priorities involved. Ideally, agencies would actively collaborate and share information with one another, private sector partners and international counterparts to accelerate and enhance incident responses. Additionally, these partnerships can foster valuable insights into emerging threats and attack vectors.
Particularly for public-private partnerships, each sector must strive to better accommodate the other to deliver a better digital ecosystem for all. The government should endeavor to be as nimble as possible to keep pace with industry, and the private sector should ensure it is in compliance with any required government standards. That way, when “temporary cells” must be formed to disrupt adversaries, there will be fewer barriers to collaboration.
Modern tactics require modern IT
Implementing the National Cybersecurity Strategy will require significant resources, including funding, personnel, and technology. Agencies will likely face challenges in securing these resources, particularly given competing priorities and budget constraints. Similarly, many government agencies still rely on legacy IT systems that “are costly to maintain and difficult to defend,” according to the strategy document.
Agencies can utilize technology to automate and streamline many repetitive cybersecurity tasks, freeing up resources for more strategic initiatives. DevSecOps is an example of leveraging technology to streamline cybersecurity tasks. By automating testing and deployment, DevSecOps (short for development, security and operations) allows agencies to identify and fix security vulnerabilities quickly and efficiently.
Updating and modernizing legacy systems can be complex, and may require significant investments of time and resources, especially if those systems cannot afford downtime. Despite the cost, the strategy identifies this as a priority area because certain cybersecurity goals, such as zero trust, cannot be achieved without modern IT systems and cloud migration, given that legacy systems lack the ability to leverage the necessary critical security technology.
Likewise, timesaving and cost-saving benefits can be realized once modern IT systems, such as workflow optimization tools, are adopted. Private sector partners should strive to alleviate the strain of IT modernization for their government partners whenever possible so the improvements to productivity and security can be fully realized.
The future of cybersecurity
As identified in the new strategy, “developing a diverse and robust national cyber workforce” must also be emphasized. Investing in training and education programs for employees can empower them to identify and respond to threats.
Similarly, fostering a culture of innovation that invests in research and development and promotes emerging technologies will drive progress in cybersecurity. Partnering with private sector companies can provide access to significant cybersecurity expertise, training and resources.
Unfortunately, malicious actors are continuously evolving, and therefore so must cybersecurity best practices. Enhancing cybersecurity education, training, research and development in the U.S. will be imperative to ensure our defenses remain agile over time.
In the modern age, it’s paramount that the digital resources and services the American public depends on are secure. The National Cybersecurity Strategy is a powerful realignment of how the U.S. “allocates roles, responsibilities, and resources in cyberspace,” designed to actualize a safe and secure digital ecosystem for all. To achieve this goal, the entire digital community must act to implement the guiding principles.
Tim Meyers is Vice President, Federal Cybersecurity, at Maximus, a supplier of administration and other services to government.
This article is an Op-Ed and the opinions expressed are those of the author.