The White House Cybersecurity Strategy: A Call for Urgent Focus on Supply Chain Risks
The Biden administration released the National Cybersecurity Strategy earlier this month, a much-awaited declaration that addresses the urgent need for a broadly coordinated response to the mounting threats to America’s digital ecosystem.
The newly unveiled strategy advances “fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace.”
“The Cybersecurity Strategy is a good first step toward a new means of tackling our challenges, but we need to move quickly as time is not on our side. This national imperative requires bold action and commitment to make this a home run,” Fortress Information Security's CEO and co-founder Alex Santos said in a release March 2nd. “We have done it before, most recently with CHIPS Act to secure supply chains for the semiconductor industry.”
In broad strokes, the administration’s strategy addresses two fundamental shifts in how the US allocates roles, responsibilities, and resources in cyberspace. First, it shifts the burden for cybersecurity away from individuals, small businesses and local governments, and onto the software developers and hardware manufacturers who are best-positioned to tackle the problem.
Secondly, the new strategy seeks to realign efforts to address the most urgent threats today while also investing in future strategies.
The National Cybersecurity Strategy comprises five pillars:
- Defend critical infrastructure, including expanded use of minimum cybersecurity requirements in critical sectors.
- Disrupt and dismantle threat actors by a variety of means, including by engaging the private sector in developing scalable mechanisms, and addressing the ransomware threat through a comprehensive Federal approach that aligns with international partners.
- Shape market forces in order to drive security and resilience throughout the country’s digital ecosystem in ways that include promoting privacy and the security of personal data and ensuring that Federal grant programs promote new infrastructure that is secure and resilient.
- Invest in a resilient future through the development of collaborative, secure and resilient next-generation technologies and infrastructure. This will include developing a diverse and robust national cyber workforce.
- Forge international partnerships to pursue shared goals with the intention of propagating responsible state behavior in cyberspace.
Implementing these high-level objectives will require extensive coordination between legions of public- and private-sector agencies and parties. Setting priorities will be crucial to that effort. Among the most prominent are four key factors that Fortress Information Security believes anchor the strategy in terms of implementation. These factors address uniform standards, supply chain integrity, best practices and timely, effective execution.
These factors consist of the following:
1. Software Assurance
At Fortress Information Security, we support the concept of safe harbor. We have already seen tremendous strides in the adoption of the North American Energy Software Assurance Database (NAESAD), an industry-wide collaborative database created to compile and share Software Bills of Materials (SBOMs) for products used by utilities across North America.
2. Cyber-Informed Engineering
We have begun to incorporate CIE in our programs, in support of asset owners across the country, by providing them with verified insights about vendors, products and software during the engineering and procurement phases of their supply chain programs.
3. Non-Governmental Agencies
Fortress has invested in relationships with NATF, AUVSI and ONG-ISAC for the purpose of evangelizing critical infrastructure best practices that specifically address the idiosyncrasies unique to the risks and threats that exist in subsectors. We support the administration’s continued allegiance to these important groups.
4. The Time to Act Is Now
The White House has created a clear roadmap that recognizes the roles of DOE, DHS and DOD. We place great importance on exactly how the Sector Risk Management Agencies develop discrete plans, deadlines and potentially additional regulation that will be required to implement the White House strategy.
Given our critical infrastructure focus, Fortress stands committed to supporting DOE, DHS and DOD as they seek tactical guidance to carry out this landmark strategy.
The Biden administration’s National Cybersecurity Strategy will call for prioritizing and decision-making across a daunting range of components and considerations. We believe this new strategy has been long-needed and will be an essential component of our nation’s cybersecurity and overall security and progress.
About Fortress Information Security
Fortress secures North America's power and defense supply chains from cyberattacks on operational and critical enterprise technologies. Fortress' proprietary technology platform orchestrates North America's most advanced cyber supply chain risk management and vulnerability management programs. Fortress operates the Asset to Vendor Network and the North American Energy Software Assurance Database, which give critical operators confidence that the products, services, and software they obtain from others are cyber-safe. Fortress is a Goldman Sachs portfolio company.