The White House is targeting June to release its implementation plan for the National Cybersecurity Strategy (NCS) unveiled earlier this month, an Office of the National Cyber Director (ONCD) spokesperson confirmed to MeriTalk.
“June is a soft internal target date,” the agency’s spokesperson said in an email on March 28.
ONCD said that date “may shift based on our robust interagency clearance process coupled with our ongoing stakeholder engagement” but that “more generally summertime is looking possible” as a “soft target date.”
The Biden-Harris Administration began the month with a bang, releasing its much-anticipated NCS on March 2 with multiple focus points – including continuing efforts to improve security in already-regulated critical infrastructure sectors, a high-level goal of shifting more security responsibility onto providers of tech products and services, and a robust focus on using “all tools of national power” to go after attackers.
The White House said that implementation of the strategy is “already underway” and being coordinated by the ONCD, which produced the strategy.
Late last week, ONCD’s recently appointed Acting Director Kemba Walden, testified before the House Oversight and Accountability Subcommittee on Cybersecurity, Information Technology, and Government Innovation on her agency’s ongoing implementation efforts for the strategy.
“ONCD, in collaboration with OMB, are going to lead the development of this implementation plan, and in fact, we’ve already started that work,” Walden testified during the March 23 hearing.
“This is a plan that, as we articulate in the strategy, will be public,” she said. “It will be developed – it is being developed – in full collaboration with all the departments and agencies who are going to be charged with certain action items, and with the private sector, and with civil society, and with Congress to make sure that the strategy realizes the vision that we’ve made out.”
“This strategy is new and novel in my mind because we’ve attempted to, where appropriate, place departments and agencies responsible for certain action items. We will build that out in the implementation plan,” Walden explained.
The acting director said that ONCD has already established an implementation plan working group that is made up of other departments and agencies.
“While some implementation activities are already underway, ONCD continues to receive insight and feedback from our interagency and non-federal partners on the overall implementation plan,” the ONCD spokesperson told MeriTalk.
“The plan will be published, and will apply the same spirit of collaboration that was so successful in drafting the National Cybersecurity Strategy,” the spokesperson said. “We look forward to sharing it when it’s complete.”
Ross Nodurft, executive director of the Alliance for Digital Innovation, said the technology trade group commends the strategy’s “comprehensive approach to enhancing our nation’s digital security.”
“There are many areas outlined in the strategy that will require partnership with industry, and we look forward to working with Congress, the Office of the National Cyber Director, and federal agencies to shape the implementation of the Administration’s cybersecurity initiatives,” Nodurft said.
“This strategy outlines a multi-pillar approach to impose needed security outcomes across critical infrastructure,” said Matt Hayden, vice president of cyber client engagement at General Dynamics Information Technology.
“While the challenge is always in the implementation and it won’t be easy to harmonize approaches, the process that led to this strategy was very collaborative with both industry and government stakeholders,” Hayden said. “The cyber strategy will serve as a lasting legacy.”