White House Cyber Chief Talks Upcoming National Cyber Strategy

The White House is developing a new national cybersecurity strategy that will establish a single coordinating authority for cyber policy across federal agencies and impose stronger costs on adversaries like China and Russia, National Cyber Director Sean Cairncross said Thursday.

Speaking at the Palo Alto Networks Public Sector Ignite event in Tysons, Virginia, Cairncross said the plan aims to unify government cybersecurity efforts and strengthen collaboration with industry to protect critical infrastructure from growing nation-state and criminal threats.

“For too long, our adversaries have operated with near impunity,” Cairncross said. “This isn’t an IT problem. This manifests in the real world. … It has real consequences, and it can hurt people in a physical way.”

The new strategy, he added, will ensure malicious behavior carries clear costs as adversaries put the nation “in strategic dilemmas and try to impact our ability to think and respond to potential situations on a geo-strategic level.”

Public-private collaboration, he added, will remain central to the new strategy.

“Critical infrastructure in this country is run by the private sector,” Cairncross said. “We bring assets to the table that the private sector doesn’t have, and you have an awareness of the battlefield, you see the threat environment. … We find ways to collaborate, then it improves our response immeasurably and hardens the defense for the country.”

Cairncross said the White House will coordinate across federal agencies and with industry to shape the new strategy.

“The more buy-in and collaboration we can have, the better,” he said. “Everyone is looking to speed and resiliency, looking to harden [network defenses], looking to modernize. … This really will be a whole-of-government approach.”

White House Supports Cyber Reauthorization

Cairncross also urged Congress to reauthorize the Cybersecurity Information Sharing Act, which expired earlier this year. The law, he said, is vital for enabling organizations and government agencies to exchange threat intelligence across sectors.

“It’s a vital law, it’s a common sense law,” Cairncross said. “The White House is pushing for a 10-year clean reauthorization of this authority.”

The lapse of the law has created uncertainty around information sharing, which both government and industry leaders say is essential to defending privately owned infrastructure. Even when the law was active, Cairncross noted, many companies were hesitant to share data.

“CISA was opening a door that even with that door open, a lot of people weren’t walking through,” he said. “Let’s get this reauthorized, which we completely support, but also let’s further demonstrate that that data sharing is actionable.”