White House Cyber Plan Eyes 65 Goals in Implementation Roadmap
The plan is the latest in a series of directives that outline cybersecurity initiatives and responsibilities across 18 federal agencies.
The White House released its anticipated implementation plan of its National Cybersecurity Strategy directing agencies on various cybersecurity actions over the next two years. The initial strategy released March 2023 outlined five pillars that shifted the responsibility of cyber to software developers and served as a preview for its vision in long-term investment in cyber.
The new National Cybersecurity Strategy Implementation Plan released Thursday outlines 65 high-impact initiatives across federal agencies within those pillars. This “first iteration” of the plan is a living document to be updated yearly, according to a White House memo.
“This roadmap charts a path toward a more resilient, equitable and defensible cyberspace,” said Office of the National Cyber Director Acting Director Kemba Walden in tweet.
Some of the highlighted areas within each pillar include increasing use of standards and frameworks, updating the National Cyber Incident Response Plan and modernizing federal systems to remove legacy systems as part of the first pillar of defending critical infrastructure.
Within the second pillar to disrupt and dismantle threat actors, the plan calls for an update to the Defense Department’s cyber strategy, an increase in efforts to defeat ransomware and a call to implement certain standards specifically for infrastructure-as-a-service (IaaS) providers.
In pillar three, which is to shape market forces, the plan outlines factors such as building software bills of materials (SBOMs) and launching an Internet of Things (IoT) security labeling program. It also calls on the Department of Treasury to assess a need for a federal insurance response to support the existing insurance market.
The fourth pillar around investments includes things like promoting more open-source software security, standardizing post-quantum cryptographic algorithms, developing a national strategy to strengthen the cyber workforce through education and driving adoption of cyber security-by-design principles into federal projects.
Finally, the last pillar around international partnerships outlines a call to expand operational law enforcement collaboration, amplify supply chain risk management best practices in critical infrastructure and hold states accountable for cyberspace incidents.
Each initiative has been assigned to 18 agencies with varying deadlines through fiscal year 2025, with some already having been completed — including the White House’s outlined cybersecurity budgetary priorities for agencies.
The Office of the National Cyber Director (ONCD) will help organize efforts under the plan, including submitting an annual report to the president and Congress on the status of implementation, ONCD is also putting together a request for information regarding cybersecurity regulatory harmonization that will be published in the near future.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
DOD Dominates CISA’s President’s Cup Cyber Competition
The competition featured real-world scenarios such as the LastPass major attack in 2022 and incorporates emerging technology.
4m read -
68 Software Firms Sign CISA’s Secure-by-Design Pledge
A year since CISA's initiative, tech companies say their products will have built-in security features from the start.
3m read -
Spain’s Cyber Agency is Incubating Businesses to Protect NATO Cyberspace
INCIBE Secretary General Carla Redondo Galbarriatu said the private sector is key to strengthening cybersecurity.
12m listen -
DHS AI Board Sees Civil Rights as ‘Part and Parcel’ of AI Safety
Secretary Alejandro Mayorkas shared details about the new board's first meeting and how he sees it transforming the agency's AI development.
3m read