According to IBM, the average cost of a ransomware attack was estimated at 4.5 million dollars in 2022. Given the clear impact that the lack of cybersecurity is having even on the average company, it is a matter of national interest that public institutions do their part in defining a clear strategy and the goals needed to bring cybersecurity back to an acceptable level.
The White House has published the strategy, which is outlined in five pillars:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships to Pursue Shared Goals
A More Fierce Cyber Security Strategy
The US has set quite an ambitious objective: to increase security to the point where “criminal cyber activity is rendered unprofitable”. In order to “Dismantle” threat actors, the US intends to ramp up its action against cyber criminals by:
- Better integration with Federal Bodies: Several federal entities, such as the Department of Justice and the FBI, have already engaged in activities such as seizing cryptocurrency, hunting criminal hosting on the web and dismantling botnets. Coordinating these activities and expanding on new efforts will be the cornerstone of the strategic objective “Disrupt and Dismantle”.
- Enhancing Public-Private Collaboration: The US recognises that the private sector is more scalable and flexible. In order to increase resilience on a state level, it is necessary to broaden the collaboration with private institutions.
- Increase Intelligence Sharing: To educate a broader audience and increase the base capability of all the entities involved in the internet, the US aims to improve intelligence sharing by publishing more information and keeping the public more informed on the identified emerging threats.
- Prevent Infrastructure Abuse and Cybercrime: Hosting and cloud infrastructure offer actors outside the US the ability to turn the country's own resources against it. The US aims to tighten security and regulations in order to prevent this phenomenon.
Finally, a dedicated section of the strategy aims to increase protection from ransomware, demonstrating how much prominence this particular type of malware has gained.
How Does the US Intend to Achieve Its 2023 Strategy?
The United States will achieve the above-mentioned objectives by pursuing a multifaceted approach, which can be summarized in a few key points as follows.
First, it is a priority to establish the cybersecurity requirements that are crucial to support the national security sector and have a concrete impact on public safety. This is essential to secure critical infrastructure and defend it against cyber threats.
Moreover, scaling public-private collaboration will be a strategy that, while promoting information sharing, will also ensure that cybersecurity resilience across multiple entities is enhanced by design.
Also, the US aims to strengthen the integration across the cybersecurity centres that already exist at the federal level. Several federal stakeholders are already proving to be crucial in the fight against cyber threats. The goal of the 2023 cyber strategy is not to replace these institutions but to capitalize on them and better coordinate their efforts against cyber criminals.
Finally, a modern federal defence strategy requires staying ahead of emerging threats. For this reason, the US has set a goal to increase adaptiveness against a rapidly evolving cybersecurity landscape.
What to expect as a business owner?
If you are a small business owner or an individual, chances are that in the future, the burden of ensuring cybersecurity will be shifted from you to government-level organisations or bigger companies that can better sustain the effort. Through a model of shared responsibility, leveraging the market forces and regulatory tools, safer cybersecurity practices will be incentivised to increase public safety and, consequently, general prosperity.
The United States has also committed to pursuing this strategy with a particular approach that will balance short-term needs with long-term investments. Some of these investments will impact areas such as cybersecurity research and development, workforce development, education and awareness.
Thus, if you are a stakeholder in these sectors, you can expect an increase not only in opportunities but also in responsibilities, as well as accountability for data processing, secure process development, insurance on cyber security incidents and similar practices that are innovative today but will soon become standard.
Special Focus on International Partnerships
If you are a service provider or a Cyber Security business stakeholder from abroad, you might be interested in knowing that international partnerships occupy a dedicated section in the 2023 US Cyber Security strategy document.
In fact, to counter the threats posed by hostile actors in cyberspace, cooperation with international partners will be increased to achieve the following objectives:
- Build coalitions to counter threats to our digital ecosystem: The U.S. has set out to increase cooperation with allies and partners abroad to share information, coordinate responses, and impose sanctions on those who engage in malicious cyber activities. These partners on a state level include various countries such as Japan, Australia and India. The US intends to strengthen cooperation with these countries to achieve a more robust presence outside its boundaries, as many threats targeting the US also come from outside.
- Strengthen international partner capacity and assist partners: Increasing allies’ capabilities, where necessary, is also a strategic goal. Because instability and inadequacy in protecting cyberspace in a third country could likely result in a threat to national security, the US commits to fostering investments and advancements in “like-minded” states.
- Secure global supply chains for information, communications, and operational technology products and services: The U.S. has recognised its dependency on products manufactured in foreign countries and, in order to reduce its exposure, will ensure either that critical components are built within the country or that the supply chain is stable and secure.
What comes next?
The US Cyber Security Strategy 2023 document concludes by outlining what to expect next in three aspects:
- Assessing the effectiveness: The first step is to assess the current status and plan for measuring the effectiveness of the solution implemented, ensuring that the progress is measurable and the measurements are data-driven.
- Incorporating Lessons Learned: Lessons learned refers to learning from cyber incidents how to prevent cyber security issues. The government will start applying the cyber security strategy from the lessons already learned from previous cyber incidents.
- Making the Investment: The next step is to make new investments in order to further the cyber security strategy where lessons learned are not sufficient to bring security up to the desired standard.
These are the first steps that the government will take to ensure that the strategy is implemented sufficiently, but you can expect more developments to come as time goes on.
The US 2023 cyber security strategy is a relevant document in many respects, an achievement that reflects the growing importance of protecting digital assets, information and identity in the virtual space. Besides outlining the vision of current objectives, the document sets future goals and measurements that will define whether the strategy was followed. However, this document is not the last step of a path but rather a first step on many roads that will define the national direction of cyber security. The US must continue adapting to this territory’s evolving challenges and opportunities and operate with its allies to promote a stable and secure cyberspace.