The White House on Thursday released a roadmap to implement its four-month-old National Cybersecurity Strategy that identifies lead agencies to drive each of the strategy’s initiatives, general plans for doing so, and completion dates.
The National Cybersecurity Strategy Implementation Plan (NCSIP) is a living document, the White House said, adding that its publication will “ensure transparency and a continued path for coordination.”
The NSCIP outlines nearly 70 federal initiatives for interagency coordination to achieve the strategy’s objectives, which are outlined under five pillars that include defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security, promoting research and development and the adoptions of best practices and standards for strengthen resiliency, and building international partnerships.
Under the defending critical infrastructure pillar the Biden administration is hoping to expand cybersecurity regulations and harmonize existing ones. One initiative, that will be led by the White House National Security Council and is targeted for completion by the second quarter of fiscal year 2025, requires sector risk management agencies and regulators “to analyze the cyber risk in their industries and outline how they will use their existing authorities to establish cyber requirements that mitigate risk in their sector, account for sector-specific needs, identify gaps in authorities, and develop proposals to close them.”
Another initiative is aimed at ensuring software is secure by design by developing a safe harbor framework that provides liability protections for companies that securely develop and maintain their software products and services. This effort will be led by the Office of the National Cyber Director, which will host a legal symposium to examine software liability frameworks, and is slated to be ready by the second quarter of FY ’24.
The co-chairs of the Cyberspace Solarium Commission welcomed the NCSIP and called for annual updates.
“If there is anything that we have learned about government over the last 20 years, it is that ‘execution is as important as vision,” and that strategic plans pertaining to cybersecurity that are not properly implemented are designed to fail,” Rep. Mike Gallagher (R-Wis.) and Sen. Angus King (I/D-Me.), said in a statement.