White House Eyes New Pillar in Cyber Strategy Refresh

The White House is preparing to finalize its new national cybersecurity strategy that National Cyber Director Sean Cairncross said would introduce a new pillar to impose consequences on cyber adversaries.

“We have not done a terrific job of sending a signal to our adversaries that this behavior is not without consequences,” Cairncross said at the Aspen Cyber Summit earlier this week. “As attacks scale and become more aggressive, especially as AI is integrated into these threats, we need to make that statement clear.”

The upcoming strategy would expand on the existing national cybersecurity strategy, which features five pillars: defend critical infrastructure, disrupt and dismantle threat actors, shape market forces to drive security and resilience, invest in a resilient future and forge international partnerships to pursue shared goals.

Cairncross teased the release of the new strategy in October, when he said the plan aims to unify government cybersecurity efforts and strengthen collaboration with industry to protect critical infrastructure from growing nation-state and criminal threats.

Cairncross said this week the updated strategy would feature a “short statement of intent with action items” to strengthen public-private partnerships and improve critical infrastructure resiliency through better communication between government and industry.

FBI Cyber Division Assistant Director Brett Leatherman said at the Aspen Cyber Summit that the bureau has already reviewed the strategy and provided feedback. He said the updated strategy would give a more holistic approach across federal agencies and industry partners.

“I’ve never seen the relationships as strong as they are over the last few years … it’s muscle memory for us,” said Leatherman. “Every day we are sharing intelligence and information that lends itself to attribution, that lends itself to victim notification.”

Establishing a National Cyber Academic Program

The updated strategy would consolidate programs and build on existing partnerships to create a national cyber academic program. The effort would include public-private collaborations agencies have with universities, vocational schools and industry.

“There’s over half a million cyber jobs that need filling, and there will be a need for more,” said Cairncross. “We need to align industry and academia — especially vocational and trade institutions — to better prepare the workforce for the demands of modern cybersecurity.”

The Office of the National Cyber Director (ONCD) will also work with interagency partners, including the Office of Management and Budget, War Department and Energy Department’s National Laboratories, to invest in creating a cyber-ready workforce and a whole-of-government approach to cybersecurity.

“We’ve become good at responding in a fractured way, but there has never been a top-cover strategy,” said Cairncross. “This updated plan gives us a framework to incentivize industry and academia to engage more fully and to make meaningful progress over the course of a year.”