Critical Infrastructure Security , Government , Industry Specific

ONCD Director Teases New Cybersecurity Implementation Plan

Experts Call for a Revised Implementation Plan and a New Focus on Enforcement
ONCD Director Teases New Cybersecurity Implementation Plan
Implementation of the national cybersecurity strategy is iterative, said National Cyber Director Harry Coker. (Image: Shutterstock)

An updated implementation plan for the U.S. national cybersecurity strategy can't come soon enough, experts told Information Security Media Group.

See Also: Cryptolocker Motivates City of Westland, MI to Change Security Strategy

"It's on its way" is the message from National Cyber Director Harry Coker, who was confirmed in December to serve as the second-ever permanent national cyber director. Coker touted the federal government's progress in implementing the national strategy during its first 12 months in a recent blog post, writing that agencies have "made progress on all 69 initiatives outlined last July" and fully completed implementing more than 20 of those goals.

"While the strategy is enduring, its implementation is iterative," Coker wrote.

The Office of the National Cyber Director did not immediately respond to requests for comment about the timeline for the release of the second implementation plan, but experts said many under-resourced federal agencies and critical infrastructure organizations struggle to fully align with the guidance. Brian Fox, chief technology officer and co-founder of the software supply chain management firm Sonatype, said there is currently "an imbalance issue" in the implementation of the national strategy.

"We're seeing a continued focus on education but no action on enforcing the consequences of noncompliance," Fox told ISMG, calling the strategy "a step in the right direction" but "not enough to successfully protect us from outside threats."

The national strategy aims to build collaboration between the public and private sectors on five pillars of cybersecurity: defending critical infrastructure, dismantling threat actors, shifting responsibility from end users to software providers and those best positioned to reduce risk, investing in a resilient future and forging international partnerships to counter threats (see: White House Issues National Cybersecurity Strategy Road Map).

Robert Moore, technical director of the security consulting firm NCC Group, said organizations require a "colossal" amount of resources to achieve the framework outlined in the national cybersecurity strategy and suggested the administration focus on supporting small and medium-sized entities by developing new "open-source tools that are easy to use" and can "help map and identify organizations' assets and technical debt."

"It is hard to quantify the value of security, but it is a cost that smaller businesses may understandably struggle with," Moore said.

The initiatives outlined in the implementation plan include establishing new cybersecurity requirements through the Office of Management and Budget and tasking the National Security Council to lead a policymaking process for new regulations across critical infrastructure sectors.

Federal agencies are also tasked with securing unclassified federal civilian executive branch systems, modernizing Federal Civilian Executive Branch technology and operationalizing sector-specific intelligence needs and priorities.

Coker described the work of protecting the U.S. in cyberspace as "a whole-of-nation effort" and acknowledged "there is much more work to do."

More than half of the 69 initiatives outlined in the implementation plan are expected to be completed in fiscal year 2024, according to the guidance, while another 20 are slated for fiscal years 2025 and 2026.


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.