RSA Conference 2023 ― San Francisco ― U.S. government cybersecurity officials joined an interdisciplinary discussion on Wednesday to share the thinking behind the National Cybersecurity Strategy.
Announced by the Biden administration in early March, the strategy aims to defend cyberspace by rebalancing responsibilities within society and realigning incentives for long-term investments. The five pillars of this strategy include defending critical infrastructure and forging international partnerships.
“We wanted to shift responsibility away from consumers and didn’t want victims to be left holding the bag,” said Robert Knake, Acting Principal Deputy National Cyber Director at the Office of the National Cyber Director, at the RSA Conference. The strategy asserts that the burden of reducing cyber threats should fall on those most capable of bearing it, not on individuals or small businesses.
Eric Goldstein, Executive Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), added more context, saying that “we should expect local school districts to confidently run their school district, educate our children, and not be defending themselves against ransomware gangs or advanced persistent threats.” From CISA’s perspective, cloud service providers, major software manufacturers, and technology platforms should take on these responsibilities.
Bryan Vorndran, Assistant Director at the Federal Bureau of Investigation (FBI), noted that the strategy is “all about imposing maximum cost on our adversaries through all tools approached intentionally and domestically, privately and publicly.” He further pointed out that public-private collaboration requires maturity, since partners in the two sectors have different capabilities, authorities, and threat intelligence.
The officials clarified that the national roadmap for cybersecurity is not intended to create an invulnerable society, because such a society does not exist. “The future we see is not a zero intrusion society, but that every intrusion requires some novel vulnerability,” elaborated Goldstein. “The frustration is that the vast majority of intrusions are reusing the same class of attacks or building the same control again. We have to drill down on one of those investments that will knock out the most attacks.”
As for international partnerships, which form pillar five of the U.S. cybersecurity strategy, Liesyl Franz, Deputy Assistant Secretary for International Cyberspace Security and Acting U.S. Department of State’s Bureau of Cyberspace and Digital Policy (CDP), said that defending cyberspace requires cohesion and collaboration across the international community. Emphasizing the importance of sharing expertise and experience with partners, Franz stressed the need “to be able to provide the variety of things” to partners and to form global partnerships in an agile manner when cyberattacks happen.