US says National Cybersecurity Strategy will focus on market resilience and private partnerships
The recently announced implementation plans allow for more aggressive action against ransomware gangs


The White House has published the first implementation plan for its National Cybersecurity Strategy, which aims to improve the strength of the software supply chain and increase public-private collaboration.
Improving the resilience of the market is a key focus, with efforts to establish a long-term software liability framework and reduce gaps in software bills of materials (SBOMs) to ensure unsupported software is not used for critical infrastructure.
The Cybersecurity and Infrastructure Security Agency (CISA) will work with the private sector, non-profits, the open-source community, and academia to establish secure-by-design software and hardware.
In a fact sheet, the White House stated the plan ensures “the biggest, most capable, and best-positioned entities – in the public and private sectors – assume a greater share of the burden for mitigating cyber risk”.
Private sector firms will fall under further requirements laid out by CISA in an effort to improve the speed and cohesiveness of reporting following cyber incidents.
Vendors that knowingly provide deficient cyber security products or services will also be pursued more heavily under the False Claims Act.
A Federal Cyber Insurance Backstop, which would see the government provide assistance in the event of a catastrophic incident, is also under consideration. The plan notes that such a scheme could support an uncertain cyber insurance market.
This initiative is expected to reach completion by Q1 2024, though the plan could be revised at a later date depending on the outcome of the talks.
By the end of 2023, the Office of Management and Budget will lay out stricter Federal Acquisition Regulation (FAR) requirements for the procurement and labeling of Internet of Things (IoT) devices.
For future resilience, the government will invest heavily in the research and development of memory-safe programming languages as well as quantum-resistant cryptographic algorithms, which will be necessary to protect encryption in the near future.
The plan is structured around five ‘pillars’, under which lie more than 65 initiatives for improving the federal, public, and private cyber security landscape.
- Defending Critical Infrastructure
- Disrupting and Dismantling Threat Actors
- Shaping Market Forces and Driving Security and Resilience
- Investing in a Resilient Future
- Forging International Partnerships to Pursue Shared Goals
The White House described the plan as a “living document”, which will be updated annually in line with evolving needs and ambitions for US cyber defense.
On threat actors, the Office of the National Cyber Director is set to work with federal partners as well as those in the private sector to find ways in which existing systems can be used to disrupt cyber criminals.
The document also assigns the Department of State and the Joint Ransomware Task Force (JRTF) to “defeat ransomware” by disrupting the worldwide threat ecosystem.
Ransomware gangs such as LockBit have been in the crosshairs of international law enforcement in recent months. The Department of Justice (DoJ) has ramped up arrests against alleged members of the group, and put out a $10 million bounty for another in May.
CISA, along with JRTF, will also provide training, analysis, planning, and incident response services to private and public sector organizations that oversee critical national infrastructure.
“The National Cybersecurity Strategy Implementation Plan (NCSIP) gives much-needed guidance for agencies on improving cyber resilience,” said Gary Barlet, Federal CTO at Illumio.
“It assigns timebound goals and initiatives to each agency – giving them direction on how to reach the strategy’s clear objectives. These goals and initiatives also display a sense of urgency, which is important, as the pace of technology makes it impossible to imagine the impact it will have on security in three, five, or ten years. It focuses on building cyber resilience now as well as down the road.
“This plan reflects the urgency of today’s cyber threats, and also demonstrates an understanding of the resource and fiscal challenges agencies face in overcoming these dangers. While the NCSIP doesn’t include direct funding, it does align with the administration’s cyber budget priorities to better position agencies to achieve their objectives and combat cyber attacks.
“If agencies can align their budgetary responsibilities and resources with these initiatives, then they will be well equipped to bolster their cyber resilience today and tomorrow.”
Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.