Commentary

The US cybersecurity strategy won’t address today’s threats with regulation alone

The Biden administration needs to foster greater public-private collaboration, involve global partners and help build the cyber workforce to fight growing digital threats.

By Jason Oxman

March 16, 2023

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger spoke during the daily press briefing at the White House on Feb. 17, 2021. (Photo by Drew Angerer/Getty Images)

Plenty of “unidentified flying objects” have appeared in the news over the past several weeks, yet cybersecurity professionals will tell you that we don’t need to look up to find a more daunting and real threat to national security.

Fortunately, President Biden just released the administration’s national cyber strategy. Coupled with industry collaboration, it’s an effective approach that represents a new hope for a safer and more economically prosperous future. Furthermore, the strategy is a much-needed step toward a clear roadmap for collaboration between agencies and industry partners, particularly in the technology sector. Prior federal cybersecurity strategic documents have lacked specificity, materially undermining their successful implementation and inhibiting stakeholder engagement.

But it is discouraging to those of us on the frontlines of cybersecurity to see that the strategy places so many of its “eggs” in the “basket” of regulation. As we hear more from the administration on their strategy, it is critical that the federal government articulates a vision of what specific gaps can be filled by new regulation. In addition, I urge the administration to follow through on its stated intention to harmonize, streamline and deconflict any new or existing regulations. We need clear and effective rules of the road. And, if much of the responsibility for defending cyberspace is to lie with the “most capable and best-positioned actors” in the public and private sectors, it is important that the administration follows through on its stated intention to involve industry in this vital conversation.

A successful strategy must also take into account the U.S. government’s responsibility to get its cyber house in order, too. The strategy notes that this will require real investment on the part of key government agencies. Congress and the administration must rise to this shared challenge and offer long-term sustainable investments.

On a more basic level, I applaud the administration for developing clear and measurable goals and hope that the promised implementation plan will deliver ambitious yet realistic timelines. As the old saying goes, “If you can’t measure it, you can’t improve it.” Without tracking progress in cyber risk reduction, the strategy will be nothing more than a thought experiment.

Speaking of risk, the cyber sector is increasingly global — and cybersecurity requires the engagement of countries around the world. It is critical that the new strategy delivers on the promised future vision for international, public and private collaboration — including the role of international standards bodies.

Lastly, and perhaps most importantly, this strategy is an opportunity to demonstrate that the U.S. cybersecurity workforce is a top priority for the administration. Our economy depends on innovative companies in the cybersecurity sector for unprecedented opportunities and prosperity. In real terms, this means good-paying jobs for Americans from all walks of life.

With this new strategy, industry will continue to step up to the plate to equip a new U.S. cybersecurity workforce to maintain our nation’s security and defend the digital and traditional economy, software vulnerabilities, and infrastructure. We don’t need a patchwork of disparate regulations, rather we need a consistent set of standards that allow for industry to drive security and resilience.

It is my hope and expectation that with this new approach, industry and government can come together to deliver comprehensive cybersecurity that is consistent, reflects a constantly evolving threat landscape and incorporates the interconnected, global nature of today’s digital environment.

With the hard work of cybersecurity professionals, the leadership of the technology industry and the strategic support of the federal government, we can work toward a U.S. cybersecurity posture that is fit for purpose and reflects the constantly evolving global threat landscape. Our economy and national security depend on it. Let’s get to work.

Jason Oxman is the president and CEO of the Information Technology Industry Council (ITI).

The US cybersecurity strategy won’t address today’s threats with regulation alone

More Like This

What resources do small utilities need to defend against cyberattacks?

How Congress can rein in data brokers

Proposed data broker regulations draw industry pushback on anonymized data exceptions, bulk thresholds

Top Stories

FCC wants rules for ‘most important part of the internet you’ve probably never heard of’

Campaigns and political parties are in the crosshairs of election meddlers

Cyberattack hits Georgia county at center of voting software breach

More Scoops

Space is essential for infrastructure. Why isn’t it considered critical?

White House, EPA warn water sector of cybersecurity threats

Health care groups resist cybersecurity rules in wake of landmark breach

Update to national cybersecurity strategy implementation plan coming before the end of summer

Biden executive order seeks to cut China off from Americans’ sensitive data

White House is ‘working on version 2.0’ of cyber implementation plan

White House executive order on AI seeks to address security risks

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics