The National Cybersecurity Strategy was published this spring.
You can read the original document here.
The Strategy recognises that the US government must use all instruments of national power in a coordinated manner to protect national security, public safety and economic prosperity.
The key provisions of the Cybersecurity Strategy are:
- Protect critical infrastructure.
- Disrupt and eliminate threat actors.
- Build market forces for security and resilience.
- Invest in a sustainable future.
- Forging international partnerships to achieve common goals.
Under this new National Cybersecurity Strategy, the Administration is focusing on securing the nation’s critical infrastructure by tightening cybersecurity regulations in critical sectors while working with federal and local governments to clarify regulatory requirements.
Modernisation will involve moving legacy local area networks to cloud and multi-cloud environments, which comes with increased risks. However, the move also adds new layers of security for these networks. Preparedness for quantum computing will also be part of the new modernisation, as this will become a bigger risk in the near future.
What is interesting is that the new strategy will enhance the ability of private cybersecurity companies to work in tandem with critical markets such as the federal government, state and local government agencies, utilities, healthcare and educational institutions.
The second aspect is that CIOs must focus on “personal data security.” CIOs and other leaders must fully understand and see where personal data resides and how it is used. This requires leaders to implement appropriate security measures that can be applied to data at all stages, including data at rest, in motion, or in use. Methods that can help ensure this level of security include data encryption and centralised encryption key management, as these are globally recognised mechanisms to help minimise cybersecurity threats.
