National Cyber Director Chris Inglis is expected to release the Biden administration’s first comprehensive national cybersecurity strategy in the coming days, a document that many expect will meet industry pushback as it could expand the government’s role in protecting the nation’s digital infrastructure.
The Biden administration issued its national security strategy last Wednesday, clearing the way for the imminent release of Inglis’s document. The strategy will be the first since the Trump administration released its national cybersecurity strategy in 2018.
Early reports suggest that the strategy is far more demanding of industry than previous efforts, with one source telling CyberScoop in July that Inglis plans to “more forcefully use government power in the cyber arena.”
Asked to comment on the “tough” new strategy at the Cipher Brief Threat Conference last week in Sea Island, Georgia, Inglis vigorously defended the document.
“If tough means that we have to be serious about what we want cyberspace to do for us and to then be willing to make investments to achieve that and if the government is then willing to put its money where its mouth is by specifying in its own architectures what the non-discretionary attributes are and making investments to deliver those … then it’s time for us to be tough,” he said. “Because at the end of the day, something like market forces only takes us so far.”
Inglis said the strategy was drafted with the idea that cybersecurity regulation needs to go a “bit further, as we have for cars.” He said the strategy is meant to convey an “affirmative intentionality.”
It will be important for the strategy to include “explicit tasking to achieve objectives,” said Mark Montgomery, who is senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies and who previously served as executive director of the U.S. Cyberspace Solarium Commission. Montgomery said it also will be vital for the strategy to include an implementation plan.
In his conference remarks, Inglis said that while tough, the strategy also reflects his desire to ratchet up regulation with “the lightest possible touch.”
He pointed to an executive order the Biden administration released in May 2021, saying it served as a blueprint of sorts for the strategy. Inglis said that among other things the strategy makes clear that CISA must continue to create coalitions with the private sector and doubles down on an existing emphasis on sector risk management agencies.