Cyber Strategy 2.0 Stresses Critical Infrastructure Protections

SAN FRANCISCO — The Office of the National Cyber Director (ONCD)’s second version of the National Cybersecurity Implementation Plan includes 31 new initiatives for the health care, education and water sectors and focuses on new hiring practices for the cybersecurity workforce.

A key area of the plan is promotion of skills-based hiring practices in federal government and its contractors, which follows the White House’s previously released cyber hiring strategy.

“Agencies will continue working with interested stakeholders to implement the initiatives of this plan and build new partnerships where possible with focus on promoting skills-based hiring in the federal government and among its contractors,” the plan reads.

ONCD Director Harry Coker noted the plan’s span across agencies, industries and sectors.

“The document’s not only an ONCD document, but works across the federal cybersecurity ecosystem, public sector and private sector to get the best ideas and to work those into America’s National Cybersecurity Strategy,” said Coker during the RSA Conference in San Francisco Tuesday.

Deputy National Cyber Director Drenan Dudley at RSA noted the new version focuses on critical infrastructure, which makes up one of the plan’s five pillars. Dudley also applauded the three sectors and their agencies for their leadership.

“That shows just the growth of making sure that while everybody’s has a different level of implementation … it’s really important to be sharing best practices and to make sure that each one gets the attention that they need,” Dudley said.

Coker said the plan’s emphasis on cooperation makes it unique, especially in the face of evolving threats to critical infrastructure operators and all of cyberspace.

“Those federal departments and agencies are the primary conduit for the public-private partnership with the owners, operators of America’s critical infrastructure. We need to continue to strengthen them,” Coker said. “For a while, the focus was rightfully on physical threats to our critical infrastructure. Those days are long gone. The cyber threat to our critical infrastructure is severe and not going away.”

In addition to critical infrastructure, the strategy includes pillars focused on disrupting threats, giving more security responsibility to manufacturers, upskilling the cyber workforce and strengthening international partnerships on common goals.

Since the first iteration of the implementation plan released in July, all 36 initial initiatives have been completed or are scheduled to be completed this fiscal year.

Acting Deputy Assistant Secretary for International Cyberspace Security at the State Department’s Bureau of Cyberspace and Digital Policy Liesyl Franz also emphasized the importance of relationships between public and private partners. She cited the war in Ukraine and the United States’ efforts to send assistance as proof of the necessity of these partnerships.

“We found ways to work very directly with the private sector, some of whom are already on the ground in Ukraine,” Franz said. “We found a way to coalesce a coalition of countries who were similarly willing to provide assistance and have modeled that into something called the Tallin mechanism, which was a way to coordinate the donor countries to provide assistance to Ukraine.”

Coker emphasized the need for international partnerships in cybersecurity since networks span national borders and threat actors are not confined to one physical space.

“I’m very hopeful that like-minded, these loving, democratic nations will continue to bond together,” Coker said. “In the words of the inaugural National Cyber Director Chris Inglis, we need to get to the space where you can’t defeat one of us unless you defeat all of us.”