The White House released its anticipated implementation plan of its National Cybersecurity Strategy directing agencies on various cybersecurity actions over the next two years. The initial strategy released March 2023 outlined five pillars that shifted the responsibility of cyber to software developers and served as a preview for its vision in long-term investment in cyber.
The new National Cybersecurity Strategy Implementation Plan released Thursday outlines 65 high-impact initiatives across federal agencies within those pillars. This "first iteration" of the plan is a living document to be updated yearly, according to a White House memo.
"This roadmap charts a path toward a more resilient, equitable and defensible cyberspace," said Office of the National Cyber Director Acting Director Kemba Walden in tweet.
Some of the highlighted areas within each pillar include increasing use of standards and frameworks, updating the National Cyber Incident Response Plan and modernizing federal systems to remove legacy systems as part of the first pillar of defending critical infrastructure.
Within the second pillar to disrupt and dismantle threat actors, the plan calls for an update to the Defense Department's cyber strategy, an increase in efforts to defeat ransomware and a call to implement certain standards specifically for infrastructure-as-a-service (IaaS) providers.
In pillar three, which is to shape market forces, the plan outlines factors such as building software bills of materials (SBOMs) and launching an Internet of Things (IoT) security labeling program. It also calls on the Department of Treasury to assess a need for a federal insurance response to support the existing insurance market.
The fourth pillar around investments includes things like promoting more open-source software security, standardizing post-quantum cryptographic algorithms, developing a national strategy to strengthen the cyber workforce through education and driving adoption of cyber security-by-design principles into federal projects.
Finally, the last pillar around international partnerships outlines a call to expand operational law enforcement collaboration, amplify supply chain risk management best practices in critical infrastructure and hold states accountable for cyberspace incidents.
Each initiative has been assigned to 18 agencies with varying deadlines through fiscal year 2025, with some already having been completed — including the White House's outlined cybersecurity budgetary priorities for agencies.
The Office of the National Cyber Director (ONCD) will help organize efforts under the plan, including submitting an annual report to the president and Congress on the status of implementation, ONCD is also putting together a request for information regarding cybersecurity regulatory harmonization that will be published in the near future.