The United States is changing course on the management of cyber security: threats that arise from a global context of high political and military tension, as well as of technological competition, have pushed the administration of Joe Biden and Kamala Harris to publish a National Cybersecurity Strategy that puts the defense of cyberspace in the hands of specialized federal agencies rather than relying on policies scattered across regional governments and small businesses.

“In this decisive decade,” reads the White House note, “the United States will re-imagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and our democratic institutions; and an equitable and diverse society. To realize this vision, we need to make fundamental changes in how the United States allocates roles, responsibilities and resources in cyberspace.”

Coordinated by the Office of the National Cyber Director, the administration’s implementation of this strategy is already underway.

The centralization of cyber defense

The first pillar of the strategy is to “rebalance the responsibility to defend cyberspace, shifting the burden for cyber security away from individuals, small businesses and local governments towards organizations that are more capable and better positioned to reduce risk for all of us.”

The second is to “realign incentives to favor long-term investment, striking a careful balance between defending against urgent threats today while strategically planning and investing in a resilient future.”

The strategy is based on the belief that “the government must use all instruments of national power in a coordinated way to protect our national security, public safety and economic prosperity”.

The five-point strategy

This strategy seeks to enhance and improve collaboration between government agencies and businesses on cybersecurity around five pillars.

Defend critical infrastructure. This will be achieved, for example, by expanding the requirement to comply with minimum information security requirements in critical sectors to ensure national security and public safety, and by harmonizing regulations to reduce the compliance burden. Public-private collaboration to defend critical infrastructure and essential services will also be stimulated. Federal networks will also be modernized and the federal incident response policy will be updated.

Hinder and dismantle threat actors. The US wants to neutralize criminal cyber actors via “the strategic use of all the instruments of national power to dismantle the adversaries”, engaging the private sector in thwarting cybercriminals “through scalable mechanisms” and dealing with the ransomware threat through a comprehensive federal approach “in step with international partners”.

Drive market forces to increase security and resiliency. “We will hold accountability to those within our digital ecosystem who are best positioned to reduce risk by shifting the consequences of poor cybersecurity away from the most vulnerable in order to make our digital ecosystem more trustworthy.” This will be achieved, for example, by promoting the privacy and security of personal data, “marrying responsibility for software products and services to promote secure development practices” and awarding federal subsidies that promote investments in new, safe and resilient infrastructure.

Invest in a resilient future. “Through strategic investments and coordinated and collaborative action” the United States intends to reduce the systemic technical vulnerabilities underpinning the Internet and the wider digital ecosystem, making it more resilient to transnational digital repression; to give priority to research and development on information security for new-generation technologies such as post-quantum cryptography, digital identity solutions and clean energy infrastructure; and to develop a workforce with strong and diverse computer skills.

Forging international alliances to pursue shared goals. The United States wants to strengthen responsible state behavior in cyberspace and make “irresponsible” behavior increasingly costly and harmful. To this end, it will use international coalitions and partnerships between “like-minded” nations to counter threats to the digital ecosystem through joint work on threat preparedness and response, and on cost escalation. The US also intends to increase its partners’ ability to defend against cyber threats, both in peacetime and in crisis, and to work with allies and partners to create secure and reliable global supply chains for ICT and operational technology products and services.

