On March 2, the White House issued a National Cyber Strategy, aimed at fostering collaboration between the US government, industry, and international partners to build a more secure and resilient digital ecosystem.
The strategy contains multiple ideas that will advance the security of US Government agencies, some of which BSA and the broader enterprise technology community have been advocating for and working on for years. BSA is encouraging the Administration to continue working constructively with industry to advance shared priorities – including the deployment of zero trust architecture, expanded use of logging tools – within the National Cyber Strategy that will produce the greatest benefits for the entire digital ecosystem.
The strategy outlines a number of shared areas of focus where action can be taken. These activities include:
- Harmonizing Regulations: The National Cyber Strategy identifies the need to harmonize regulations. This is consistent with BSA’s 2023 Global Cyber Agenda, which says “policymakers should align cybersecurity laws and policies to ensure consistency and harmonization across government agencies and sectors.” Accomplishing this task will require US Government agencies to work together on definitions and requirements – something that will take commitment and compromise. But the White House’s prioritization of harmonization, and Congress’s support through legislation like the Cyber Incident Reporting for Critical Infrastructure Act, are promising developments that will lead to better cybersecurity. These efforts should also establish national baselines that avoid a 50-state patchwork of laws that increase compliance costs and do not improve cybersecurity.
- Investing in a Digital Identity Ecosystem: Strengthening the digital identity ecosystem will reap returns immediately. Digital identity tools require constant innovation to remain effective against evolving threats, and this innovation can be fostered by continuing the US Government’s long-standing policy of technology neutrality. Industry and government can work together to build a strong digital identity ecosystem that leverages innovative digital identity solutions to ensure only authorized users obtain access to information and applications and consequently protects citizens’ identities and builds trust in the digital ecosystem.
- Leveraging Multicloud and Hybrid Cloud Solutions: The US Government’s mission requires a true hybrid, multicloud, multi-technology solution, which would allow agencies to mix and match cloud services. As cloud services have evolved, organizations – including government agencies – too often rely on single vendors rather than selecting the cloud service provider that is best-suited for the challenge, based on security, functionality, and price. Procurement policies should address this challenge. By working together, the US Government and its industry partners can ensure vendors provide interoperable solutions, that make government agencies more effective.
Industry continues to increase its investments in security and is realizing improved returns. But while the National Strategy provides opportunities for industry and government to work together to improve security, it does not provide agencies with the funding necessary to achieve its goals.
Additional security investment from government requires Congress to act, which is why BSA’s 2023 Global Cyber Agenda suggests policymakers “invest in modern IT infrastructure and cybersecurity commensurate with the risk, including supporting regional, state, local, or municipal governments to improve their cybersecurity.”
Now it is up to all of us – government, industry, and other stakeholders – to get to work building a more secure future.
