The White House has released its National Cybersecurity Strategy Implementation Plan (NCSIP). The plan outlines over 60 federal initiatives including job protection, cybercrime and building a cyber workforce.
Each NCSIP initiative is assigned to a responsible agency and has a timeline for completion. Some initiatives, such as budgets, have been completed ahead of schedule. This is the first iteration of the plan and will be updated annually.
The Office of the National Cyber Director (ONCD) will coordinate activities under the plan, including an annual report on the status of implementation, and partner with the Office of Management and Budget (OMB) to ensure funding proposals in the President’s Budget Request are aligned with NCSIP initiatives. The administration looks forward to implementing this plan in continued collaboration with the private sector, civil society, international partners, congress and state, local, Tribal and territorial governments.
Defending critical infrastructure
During a cyber incident, it is critical that the government acts in a coordinated manner and that private sector and partners know how to get help. The Cybersecurity and Infrastructure Security Agency (CISA) will lead a process to update the National Cyber Incident Response Plan. The update will also include clear guidance to external partners on the roles and capabilities of Federal agencies in incident response and recovery.
Disrupting and dismantling threat actors
The FBI will work with Federal, international and private sector partners to carry out disruption operations against the ransomware ecosystem, including virtual asset providers that enable laundering of ransomware proceeds and web fora offering initial access credentials or other material support for ransomware activities. A complementary initiative, led by CISA, will include offering resources such as training, cybersecurity services, technical assessments, pre-attack planning and incident response to high-risk targets of ransomware, like hospitals and schools, to make them less likely to be affected and to reduce the scale and duration of impacts if they are attacked.
Investing in a resilient future
The National Institute of Standards and Technology (NIST) will convene the Interagency International Cybersecurity Standardization Working Group to coordinate major issues in international cybersecurity standardization and enhance U.S. federal agency participation in the process. NIST will also finish standardization of one or more quantum-resistant publickey cryptographic algorithms.
Forging international partnerships to pursue shared goals
The Department of State will publish an International Cyberspace and Digital Policy Strategy that incorporates bilateral and multilateral activities. The department will also work to catalyze the development of staff knowledge and skills related to cyberspace and digital policy that can be used to establish and strengthen country and regional interagency cyber teams to facilitate coordination with partner nations.