Less than nine months removed from issuing its highly anticipated national cybersecurity strategy, the Biden administration is working to update the strategy document’s implementation plan, according to a senior White House cybersecurity adviser.
Speaking Thursday at Scoop News Group’s CyberTalks event, Chris DeRusha painted a picture of an evolving document as the Biden administration works to deliver on its cybersecurity goals.
“We’re going to update that implementation plan — it’s not a static thing,” said DeRusha, who also serves as the federal chief information security officer. “We’re already working on version 2.0. As we check off successes, hitting that next public-facing series of commitments, [we want] to make sure that we’re really driving forward progress.”
DeRusha acknowledged that while the strategy “did put forward a positive, attainable vision for getting to a place” where the country can manage cyber-related risks, those threats will not “disappear,” especially when it comes to critical infrastructure.
The cybersecurity strategy builds on President Joe Biden’s May 2021 executive order and proposes a series of reforms aimed at delivering broad improvements to computer security. The administration is working to modernize technology and improve cybersecurity, but DeRusha said on Thursday that modernization alone won’t deliver the security improvements sought by the White House.
“We know we can’t modernize everything,” DeRusha said. “You can put compensating controls in place, but we have to have visibility on that and assurances that we’re actually managing the risk” to critical infrastructure.
To that end, DeRusha said the administration is studying the “current operational standing of all the cyber centers” and identifying efficiencies. The results of those inquiries will be analyzed and used to “clean up some of the noise.”
The Biden administration is also working to update the national cyber incident response plan, and DeRusha noted that public-private coordination will be crucial to reacting to critical infrastructure threats together.
There’s been progress on the disruption and dismantling of threat actors as called for in the national strategy, with DeRusha noting that the White House recently hosted 50 countries for a counter ransomware summit that resulted in commitments on information-sharing and not paying ransoms.
DeRusha also said that the Biden administration is “having meaningful conversations” about a federal cyber insurance backstop and remains fully committed to forging more international partnerships on all things cyber.
“We cannot achieve any meaningful progress on managing cyber risk as one nation,” DeRusha said. The White House is “investing in these coalitions … and meaningful cooperation is going to be one of the most important things we do. And this administration is definitely committed to working with our like-minded partners on shared goals.”