New National Cybersecurity Strategy Calls for ‘Fundamental Shifts’ in Cyber ‘Roles, Responsibilities, and Resources’

The new National Cybersecurity Strategy vows to build “a more defensible and resilient digital ecosystem” through “generational investments” in cyber infrastructure, increased digital diplomacy and private-sector partnerships, regulation of critical sectors, and allowing software firms to be held liable if their products hold the door open for hackers.

“This National Cybersecurity Strategy establishes a clear vision for a secure cyberspace,” Homeland Security Secretary Alejandro Mayorkas said. “The Department of Homeland Security continuously evolves to counter emerging threats and protect Americans in our modern world. We will implement the president’s vision outlined in this strategy, working with partners across sectors and around the globe to provide cybersecurity tools and resources, protect critical infrastructure, respond to and recover from cyber incidents, and pave the way for a more secure future.”

The new long-anticipated strategy, which builds on previous cybersecurity executive orders and replaces the 2018 National Cyber Strategy, was expected to be more aggressive on regulations to better protect vulnerable sectors as well as on offensive actions to go after independent and nation-state hackers.

“We must make fundamental changes to the underlying dynamics of the digital ecosystem, shifting the advantage to its defenders and perpetually frustrating the forces that would threaten it,” the strategy states. “Our goal is a defensible, resilient digital ecosystem where it is costlier to attack systems than defend them, where sensitive or private information is secure and protected, and where neither incidents nor errors cascade into catastrophic, systemic consequences.”

The strategy says it is driven by “a new phase of deepening digital dependencies,” growing complexity of software and systems, artificial intelligence “which can act in ways unexpected to even their own creators,” accelerating global interconnectivity, digital operational technology, and advanced wireless technologies, Internet of Things (IoT), and space-based assets that make “cyberattacks inherently more destructive and impactful to our daily lives.”