[RSAC 2023] US cyber officials discuss the meaning of national cyber strategy

Designed by Sangseon Kim, The Readable

By Dain Oh, The Readable
Apr. 27, 2023 6:00AM GMT-7

RSA Conference 2023 ― San Francisco ― United States government cybersecurity officials joined an interdisciplinary discussion on Wednesday to share their underlying thoughts regarding the National Cybersecurity Strategy.

Announced by the Biden administration in early March, the strategy aims to defend cyberspace by rebalancing responsibilities within society and realigning incentives for long-term investments. The five pillars of this strategy include defending critical infrastructure and forging international partnerships.

“We wanted to shift responsibility away from consumers and didn’t want victims to be left holding the bag,” said Robert Knake, Acting Principal Deputy National Cyber Director at the Office of the National Cyber Director, at the RSA Conference. The strategy asserts that the responsibility or burden to reduce cyber threats should go to the most capable, not to individuals or small businesses.

From left, Liesyl Franz, Eric Goldstein, Robert Knake, and Bryan Vorndran join a panel discussion at the RSA Conference on April 26 regarding the National Cybersecurity Strategy announced by the Biden administration in March of this year. Photo by Dain Oh, The Readable

Eric Goldstein, Executive Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), added more context, saying that “we should expect local school districts to confidently run their school district, educate our children, and not be defending themselves against ransomware gangs or advanced persistent threats.” From CISA’s perspective, cloud service providers, major software manufacturers, and technology platforms should take on these responsibilities.

Bryan Vorndran, Assistant Director at the Federal Bureau of Investigation (FBI), noted that the strategy is “all about imposing maximum cost on our adversaries through all tools approached intentionally and domestically, privately and publicly.” The FBI representative further pointed out that utilizing public and private collaboration requires maturity since the partners in both sectors have different capabilities, authorities, and threat intelligence.

The officials clarified that the national roadmap for cybersecurity is not intended to create an invulnerable society, because such a society does not exist. “The future we see is not a zero intrusion society, but that every intrusion requires some novel vulnerability,” elaborated Goldstein. “The frustration is that the vast majority of intrusions are reusing the same class of attacks or building the same control again. We have to drill down on one of those investments that will knock out the most attacks.”

As for international partnerships, which are presented as pillar five in the U.S. cybersecurity strategy, Liesyl Franz, Deputy Assistant Secretary for International Cyberspace Security and Acting U.S. Department of State’s Bureau of Cyberspace and Digital Policy (CDP), said that defending cyberspace requires cohesion and collaboration in international society. Emphasizing the importance of sharing expertise and experience with partners, Franz stressed the need “to be able to provide the variety of things” to partners and to form a global partnership in an agile manner when cyberattacks happen.
