Biden’s cybersecurity strategy is bold, but it could be held back in Congress

The Biden administration released its updated national cybersecurity strategy in early March — and while it’s Biden’s first, it’s the third cybersecurity strategy the US has released this century. And it will probably have the most real impact.

Unlike cyber strategies of the past, the latter holds several groups and sectors directly responsible for its success. It refers to a single senior government official accountable for its implementation and success. The National Cyber ​​Director will be held accountable for ensuring that implementation is monitored and measured, that interagency teams are aligned, and that the federal government has the resources and authorizations necessary to bring the strategy to fruition .

It’s a tall order: Chris Inglis recently stepped down from the role after just under two years, and while Kemba Walden steps in as acting official, hopefully President Biden will nominate a permanent director in the coming weeks, whether it’s Walden or someone otherwise.

Increased liability in the technology sector

Another goal is to make the tech industry as a whole more accountable, including holding critical hardware and software vendors accountable for making more secure products. Within the released strategy, the administration has committed to working with both Congress and the private sector to “develop legislation establishing accountability for software products and services” — an effort sure to divide the current Congress.

Rightly so, the Biden administration’s strategy focuses on critical infrastructure and, going a step further than previous cyber strategies, connects compliance with cyber requirements with infrastructure investment financing. These funds “may stimulate investment in critical products and services that are safe and resilient by design and that support and drive safety and resilience throughout the lifecycle of critical infrastructure,” the strategy said.

Implementing this will be challenging, as various government agencies will need to work together to link funding requirements to proven cyber practices.

While the released strategy contained many anticipated elements, the Biden administration has made one thing clear: There will be a focus on community-wide implementation, not just for the yet-to-be-appointed National Cyber ​​​​Director, but for legislative bodies, policymakers and tech companies.

Even within individual companies there is a trend to make cybersecurity the responsibility of everyone, but there has not always been a shared responsibility. This strategy aims at driving ownership for all stakeholders: those who develop the technology, those in the supply chain all the way to the end user, those who create mandates and incentives, and finally the financial market. This multi-pronged approach will undoubtedly produce more consistent and streamlined results, but it takes real collaboration and communication.

Finally, the strategy is progressive on the regulatory front, citing that without strategic governance, changes across the board have been unpredictable. While allowing voluntary approaches has yielded improvements, “the lack of mandatory requirements has led to inadequate and inconsistent results,” the strategy states.

What’s coming?

Policy-wise, this is the strongest stance on cyber regulation the U.S. government has taken in more than a decade, and it will prove difficult to implement. The Republican House of Representatives is hesitant about regulation, and getting the right alignment from the House will be a challenge, especially on topics like holding tech companies accountable and linking compliance to federal funding.

So the question remains: is Biden’s bold strategy at brutal at work? Gaining approval from policymakers (including the House of Representatives) and coordinating constant transparency and communication between the public and private sectors – all under the direction of a new director – is far from easy.

But given the high stakes – cybercriminals are constantly evolving and switching to weaponizing their attacks – governments must draw a heavy line in the sand and implement bold strategies. If all stakeholders can commit themselves to making this strategy a success, our country will benefit.

Bob Kolasky is SVP of Critical Infrastructure at Exiger.