- Defending Critical Infrastructure
- Disrupting and Dismantling Threat Actors
- Shaping Market Forces and Driving Security and Resilience
- Investing in a Resilient Future
- Forging International Partnerships to Pursue Shared Goals.
The NCSIP adds a sixth element not contained in the original strategy: Implementation-wide Initiatives, which calls for future reporting on strategy implementation progress, applying lessons learned from implementing the strategy, and ensuring federal budgetary guidance aligns with the strategy’s implementation.
Every initiative under each pillar is assigned to a responsible agency, with other contributing agencies designated where relevant, along with a completion date. Most completion dates occur in 2024, although a handful of initiatives face deadlines throughout 2025.
For example, under pillar one, Defend Critical Infrastructure, the first strategic objective is Establish Cybersecurity Requirements to Support National Security and Public Safety. Under this objective, the ONCD, in coordination with the OMB, will work with regulators to identify opportunities to harmonize baseline cybersecurity requirements for critical infrastructure. The agency responsible for this initiative is ONCD, with the Federal Communications Commission (FCC) and OMB designated as contributing entities. The completion date for this initiative is 1Q FY24.
Accelerating movement that is already underway
Most of the objectives in the NCSIP represent forward momentum on ongoing, softer cybersecurity processes and procedures, such as collaboration and coordination, that the US government already has underway. “What I think is good about it is that there are concrete steps under each of the major objectives for how they’re going to try to make progress against that objective,” Montgomery says, even if the steps don’t produce definitive outcomes.
“We’ve had a lot of cyber strategies in the past, including going back to 2003, and they’re great,” Chris Painter, president of the Global Forum for Cyber Excellence Foundation Board and a former government official who served as the State Department’s first cyber diplomat, tells CSO. “They’re great documents, aspirational in many ways, but execution has always been an issue. So having a plan is important to try to force that next step, the implementation. I think the process of setting practical goals that you’re trying to achieve is itself a way to get the government to move and to collaborate.”
The sixth section of the NCSIP that relates to funding agencies is critical to executing the objectives. “They clearly make the link to resources and align budgets to actually support the strategy,” Daniel says. “When I worked at OMB, we used to joke that a strategy without resources is a hallucination.”