A month after Acting National Cyber Director (NCD) Kemba Walden unveiled the White House’s much-anticipated National Cybersecurity Strategy Implementation Plan, the administration is working tirelessly to put it into action – with a second version of the plan expected to make its debut in the spring.
“We’ve published exactly how we’re going to implement the strategy on the White House website,” Walden said during her keynote session at Black Hat USA in Las Vegas. “That is brand new, and I gotta tell you, it made a lot of people nervous that we were doing that because we then subject ourselves to accountability. The only way that we can be trusted is if we are transparent about what we do.”
She added, “I welcome input into how to make it work better. You’ll see this is an evolving process. We’ll do an implementation version two probably in the spring so that we can update, we can iterate, we can make sure that we are getting the right actions at the right time with the right metrics.”
In the implementation plan, ONCD shaped its focus around two goals: “Ensuring that the biggest, most capable, and best-positioned entities – in the public and private sectors – assume a greater share of the burden for mitigating cyber risk,” and “increasing incentives to favor long-term investments into cybersecurity.”
Presidents have been releasing cyber strategies to guide the United States for the last 25 years, but Walden noted that the Biden administration’s strategy is different for three reasons: it focuses more on defense, resiliency, and values than any strategy has since 1998.
“We are very clear, and we are affirmatively thinking through what do we want our digital ecosystem to look like,” Walden said. “We made a very clear, intentional statement that we want it to be more defensible, we want it to be more resilient, and we want it to be aligned with our values.”
“We’ve made some great progress and we acknowledge that in a strategy, but what we’ve noticed is that we’ve allowed cybersecurity to devolve to those that are least capable,” she said. “We need to try to figure out what our policy solutions are to rebalance that responsibility to make sure that those that are more capable of bearing cybersecurity risks have the opportunity to bring it down.”
The second shift, Walden explained, is investing “in resilience of cyberspace. Not just in the technology … but making people resilient, making doctrine resilient. It’s all parts of cyberspace that we need to make resilient in order to withstand an attack so that it’s not a catastrophic attack. So those are the two primary shifts.”
“We’re after making sure that we have a digital ecosystem that’s defensible and resilient and that we are the ones setting the agenda,” she said. “That we’re not just constantly reacting to the bad guy of the week. That we are actually affirmatively doing things proactively to make sure that they are chasing us – that we’re not chasing them.”
Walden also discussed the “less talked about piece” of the new cyber strategy, which is the values-driven aspect of the document.
“That’s the reason we do the work that we do – it is values-driven. Technology is agnostic of values,” Walden said. “You build it, but it really carries with it the people who use it, the people who are in it, the people that develop it. And so that’s really where our focus is – we’re making sure that it’s defensible or making sure it’s resilient.”
Additionally, on July 31, the Biden-Harris administration unveiled its National Cyber Workforce and Education Strategy to increase the number of Americans in “good-paying, middle-class” cyber jobs.
Unleashing America’s Cyber Talent is a first-of-its-kind comprehensive approach aimed at addressing both immediate and long-term cyber workforce needs.
“I’m optimistic that we can get there, but I’m realistic that it’s not going to be easy,” Walden said during Black Hat. “It’s going to take literally an entire nation of a team to get there. It’s going to take this community, it’s going to take academics, it’s going to take civil society, it’s going to take government wonks like me. It’s going to take all of us to get there. It’s not easy.”