White House Moving to Put Nation’s Cyber Strategy on the Offcensive

3 minute read | Cybersecurity, Critical Infrastructure

White House Moving to Put Nation’s Cyber Strategy on the Offensive

Attacks on our nation’s critical infrastructure are happening day in and day out, with our current cybersecurity guidelines being based on voluntary reporting (if you follow the guidelines!). This has proven to be insufficient protection from the sophisticated criminal and nation-state actors targeting these essential sectors. Even major events like the Colonial Pipeline hack barely scratch the surface of the potential fallout of a broader cyberattack.

With the frequency of attacks showing no signs of slowing, the Biden administration is poised to take dramatic action to combat these brazen incidents. Specifically, the administration is about to approve its “National Cybersecurity Strategy” which is radically different from previous plans in two major ways:

First, this new plan would impose mandatory cybersecurity reporting regulations across a wide range of American industries, thus replacing the voluntary guidelines.
Second, the strategy authorizes U.S. defense, intelligence, and law enforcement agencies to conduct offensive cyber operations on criminal and foreign government networks. Authorizations for preemptive attacks on these networks is a particularly aggressive posture, with the plan also supporting retaliatory offensive cyber operations.

Concerns about cyber threats to our critical infrastructure and a recent article from Slate on the upcoming “National Cybersecurity Strategy” were the central focus in the most recent chat between Samara Schulman, President of OnPoint Consulting, and Pete Tseronis, Founder and CEO of Dots and Bridges.

OnPoint’s Key Points

To start, Samara was quick to acknowledge how noteworthy the aggressive nature of this plan is, as the U.S. government directly states that they will be working to “disrupt and dismantle hostile networks through a persistent, continuous campaign. While specifics of the plan are not available, the offensive cyber campaign will be coordinated across all relevant U.S. agencies by the FBI’s National Cyber Investigative Joint Task Force.

Both Samara and Pete see that there is a strong bipartisan consensus surrounding efforts related to cyber security and the protection of critical infrastructure. With legislation like the Infrastructure Investment and Jobs Act being indicative of this interest in our nation’s critical infrastructure across the aisle.

Samara stated that she “hopes that this stays a bipartisan issue… we’re going to see a lot regarding privacy issues… as one of the most important things about being an American is keeping our privacy.”

The discussion touched on how the definition of critical infrastructure is not widely known, which leads to difficulties in communicating the severity of cyber threats faced today and the potentially catastrophic results of attacks on these sectors. To that end, they provided the following breakdown to define to what “critical infrastructure” refers, and why the new cybersecurity strategy is centered around it’s protection:

“Critical infrastructure can be understood as a set of 16 economic sectors (think financial services, energy, water, transportation, telecommunications, etc.) that we as a nation depend on to keep not just our economy running but the gears of our society turning. These sectors are now internet based in many cases, and that connectivity brings forth a host of new vulnerabilities which can cripple our domestic economic engine if left unaddressed and these sectors are left unprotected.”

Another key component of the strategy highlighted by Samara was the pivot away from voluntary programs which ask the industrial base to report cyber incidents towards mandatory cybersecurity regulations. This is because there is a recognition from Washington that these programs remain woefully underutilized, a point Samara and Pete touched on in their previous conversation regarding Open Government and a collaborative approach to cybersecurity.

Moving Forward

Since the “National Cybersecurity Strategy” is still unreleased, many elements of the plan are still unknown to the public. Samara and Pete took this opportunity to raise some of the following questions and topics they will be paying close attention to going forward:

How will the private sector react to the mandatory regulations? Samara stated she “is curious to see how the balance of these mandatory cyber regulations and the cost of compliance ends up shaking out” since good cybersecurity is expensive.
The implications of the plan on topics like Zero Trust and workforce development, as these are key issues regarding the cyber ecosystem.

The unprecedented assertiveness of the new strategy shows that the government is waking up to the threats to our national security posed by cyber-attacks, with the Samara also recognizing that this plan should be a wake-up call to the broader public. She stated:

“We as American citizens need to collaborate with government and vice-versa,” as the plan is trying to convey “how important this [cybersecurity] is to our everyday lives and how serious a matter this is.”

These attacks on our critical infrastructure are being attempted day-in and day-out. Even as she was preparing for this very conversation, Samara saw breaking news that two extremists were charged with plotting to take out Baltimore’s power grid in an attempt to cripple the city. Attacks are happening in real-time, and we can no longer afford to simply wait on the defensive.

Listen to the discussion

Samara Schulman
President

Let’s connect! Bio