The National Cybersecurity Strategy that flew out of the White House doors in early March was a year-long effort that involved hundreds of engagements with more than 300 stakeholders – from academia to industry to Federal agencies – a top official at the Office of the National Cyber Director (ONCD) said today.
“What we emphasize within that strategy is that we are at a pivotal point when it comes to public-private sector collaboration,” ONCD Director for Cyber Policy and Programs Tanya Simms said at MeriTalk’s May 2023 Cyber Central in D.C.
“What we talk about is the need for holistic commitment from the private sector as well as the public sector when it comes to collaborating and understanding and responding to cyber-related incidents and cyber defense,” Simms said. “There is this emphasis on this need to not just have actual relationships, but to really look at what does true collaboration and trust building actually look like.”
She continued, “What we ultimately achieved was this unified commitment in making sure that each element of our society could really see themselves in the strategy.”
One fundamental shift that the March 2 strategy highlights is the nation’s need to “rebalance” the responsibility to defend cyberspace by “shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us.”
ONCD’s Simms said during MeriTalk’s event today that this is the most critical step in the strategy, but it’s going to take a huge cultural shift.
“One of the fundamental shifts that the strategy reflects is that those with the most should be able to bear more,” Simms said. “That shift of responsibility, that shift in accountability means that those CIOs, those CISOs should be investing in our own … people to build this.”
“But specifically in thought leadership,” she continued, adding, “What that means is that fundamentally the investment that we’re talking about has to get that that cultural lack of understanding of cybersecurity.”
Simms reiterated that cybersecurity requires intentional thought leadership, which requires a cultural shift, and “that’s the key investment.”
The strategy also says the United States will aim to increase cyber resilience by developing a diverse and robust national cyber workforce. Amy Hamilton, the visiting faculty chair at the Department of Energy (DoE), said during Cyber Central today that the strategy’s focus on people is one of the most critical aspects of the document. “The bottom line is there are not enough cyber people out there,” Hamilton said.
“We can’t just say, ‘okay, somebody magically is going to grow up and know cyber,’ we have to invest in this at the very earliest ages,” Hamilton preached. “We can’t wait until high school, we can’t wait until college, we need to make sure at the very youngest ages – as soon as somebody is starting to pick up that device, we need to understand security of that device.”
Hamilton said that this is no longer a cyber issue, it’s a human issue. “We have to let that in that digital integration as part of our lives and the fabric of our society,” she said.
ONCD plans to release its Cyber Workforce Strategy this summer, in which tech education at younger ages and for minority groups features as a key to closing the cyber skills gap. That strategy was also developed in large part with the private sector.
Cisco’s National Security and Government Senior Strategist for Cybersecurity, Andrew Stewart, highlighted during Cyber Central today that public-private partnerships are key for the security of the nation.
“We [must] bring together private-public partnerships to ensure better security for the digital ecosystem.” Stewart said it’s “a stable way to be able to ensure an inclusive future for all folks.”