US cyber leaders discuss the new National Cyber Strategy.

Following the public release of the US National Cybersecurity Strategy yesterday morning, the Center for Strategic and International Studies (CSIS) held a launch event that saw two major federal players in cyberspace come together for discussion: the Acting National Cyber Director, Kemba Walden; and the Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger.

Defensibility and resilience requires IT modernization.

“We have to lean into making what we have defensible,” said Walden. She notes that the SolarWinds incident brought federal attention to cybersecurity, and made it a point in the American Rescue Plan. She does note, however, that modernizing the tech (some of which, she notes, has been in use since 1981) does not only improve defensibility when implemented, but that it requires action regularly in order for systems to be resilient. “IT modernization is a dynamic process. It has to keep going, it has to be baked into how we think about security.”

Lauren Van Wazer, Vice President of Global Public Policy at Akamai, commends the modernization efforts pushed by the strategy, and notes the importance of sector-specific efforts. "We applaud the push to continue to modernize federal IT, update federal incident response plans and processes and enhance public-private operation collaboration. All of these will be helpful in strengthening our collective cybersecurity defenses, Van Wazer wrote, in emailed comments. "Given the vastness of our critical infrastructure and the many industries impacted, it will be important to see any sector-specific efforts as part of the implementation. It’s good, however, that the strategy calls out existing consensus standards and guidance and NIST cybersecurity framework.

Government capabilities in action against cybercrime.

Walden also explained that acting on behalf of the government inherently carries power that the private sector does not hold. “We can arrest people,” Walden noted, “Let’s start there.” She notes that private companies own infrastructures, and that the government can hold those that allow criminal activity accountable, but governments and private companies can also work together to tear down the criminal systems. Hitting the criminal threat actors in their wallets, she argued, is what really can make an impact. Reducing the profitability of cybercrime helps, as recent government sanctions have shown.

International, as well as interagency, collaboration are both vital to the Strategy’s success and implementation.

“A secure cyberspace is something that we must do arm-in-arm,” explained Neuberger. Discussing last November’s White House Counter Ransomware Initiative, she noted that the US led the global summit through the convening of a multitude of countries, and that the feedback from nations facing these threats showed the importance of international dialogue. Another important form of collaboration both Neuberger and Walden highlighted is US interagency collaboration. 

Walden explained that implementation of the new strategy has already begun, and Neuberger mentioned CISA, TSA, and FBI officials, among others, who deserve recognition for their role in getting the strategy off to a good start. “Implementing happens fundamentally at agencies,” Neuberger highlights. “The stage is a broad and big one, and that’s what makes implementation exciting.”