The release today of  the National Cybersecurity Strategy Implementation Plan is where the rubber meets the road.

For many years, OODA CTO Bob Gourley has reviewed and/or had a C-level responsibility to implement every National Cyber Security Strategy.  He has praised the 2023 National Cybersecurity Strategy (see below)  – which was released in March 2023 – and expressed optimism about the potential for innovative implementation of the strategy (especially as it related to public/private partnership).  Overall, Bob has commented that “the 2023 National Cybersecurity Strategy is the best the government has ever produced.  It is really amazing work and the best of all the strategy documents produced over the decades – and a job well done by the leaders at the White House Office of National Cyber Director.”  The strategy document is not without its critiques, however, and OODA Loop research and analysis linked below includes a range of perspective and opinions.  

The National Cybersecurity Strategy Implementation Plan – July 2023

Earlier today, OODA Network Member Jeff Moss echoed Bob’s positive sentiment, pointing to the release of the implementation plan today:

“On Thursday, July 13th the US White House Office of the National Cyber Director will release their National #Cybersecurity Strategy Implementation Plan.

Expect a lot of comments from the social, but this is the first time I can remember seeing a document this high level documenting initiatives, who is responsible for it, and expected completion dates. Great job ONCD!” 

We are also in luck this week, as a portion of the OODA Network community is on the ground today and tomorrow at the 10th AFCEA/INSA Intelligence and National Security Summit – so our collective OODA Loop feedback should be swift and interesting.  It is safe to say a portion of our upcoming July OODA Network Meeting will also be dedicated to a discussion of the implementation plan. So please check back in and the OODA Network spends some time with the document and we generate further analysis on the topic. 

For now, a direct link to the implementation plan can be found here:  National Cybersecurity Strategy Implementation Plan – July 2023

FACT SHEET: Biden-⁠Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan

President Biden has made clear that all Americans deserve the full benefits and potential of our digital future. The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace:

1. Ensuring that the biggest, most capable, and best-positioned entities – in the public and private sectors – assume a greater share of the burden for mitigating cyber risk
2. Increasing incentives to favor long-term investments into cybersecurity

Today, the Administration is announcing a roadmap to realize this bold, affirmative vision. It is taking the novel step of publishing the National Cybersecurity Strategy Implementation Plan (NCSIP) to ensure transparency and a continued path for coordination. This plan details more than 65 high-impact Federal initiatives, from protecting American jobs by combatting cybercrimes to building a skilled cyber workforce equipped to excel in our increasingly digital economy. The NCSIP, along with the Bipartisan Infrastructure Law, CHIPS and Science Act, Inflation Reduction Act, and other major Administration initiatives, will protect our investments in rebuilding America’s infrastructure, developing our clean energy sector, and re-shoring America’s technology and manufacturing base.

Each NCSIP initiative is assigned to a responsible agency and has a timeline for completion. Some initiatives, such as the issuance of the Administration’s Cybersecurity Priorities for the Fiscal Year 2025 Budget, have been completed ahead of schedule. Other completed activities, such as the transmittal of the May 26th Department of Defense 2023 Cyber Strategy to Congress, and the June 20th creation of a new National Security Cyber Section by the Justice Department, are key milestones in completing initiatives. This is the first iteration of the plan, which is a living document that will be updated annually.

Eighteen agencies are leading initiatives in this whole-of-government plan demonstrating the Administration’s deep commitment to a more resilient, equitable, and defensible cyberspace. The Office of the National Cyber Director (ONCD) will coordinate activities under the plan, including an annual report to the President and Congress on the status of implementation, and partner with the Office of Management and Budget (OMB) to ensure funding proposals in the President’s Budget Request are aligned with NCSIP initiatives. The Administration looks forward to implementing this plan in continued collaboration with the private sector, civil society, international partners, Congress, and state, local, Tribal, and territorial governments. As an example of the Administration’s commitment to public-private collaboration, ONCD is also working on a request for information regarding cybersecurity regulatory harmonization that will be published in the near future. (1)

Further Resources

A Webinar on the New National Cybersecurity Strategy and Critical Infrastructure Protection w/ OODA CTO Bob Gourley

This webinar took place last month – and Bob’s breakdown of the National Security document at the beginning of the webinar is as clear and cogent a breakdown as you will find anywhere from anyone.  It is worth a listen/watch.  

For more OODA Loop News Briefs and OODA Analyis on National Cybersecurity Strategy, go to: OODA Loop | National Cybersecurity Strategy

https://oodaloop.com/archive/2023/03/06/the-missing-piece-of-the-national-cybersecurity-strategy/

https://oodaloop.com/archive/2023/03/03/the-ooda-network-on-the-2023-national-cybersecurity-strategy/

https://oodaloop.com/archive/2023/05/11/the-national-cybersecurity-strategy-and-the-future-of-coordinated-vulnerability-disclosure-across-all-technology-types-and-sectors/