%20cropped.jpg)
Statista, a leader in data research, has estimated that cybercrime in the U.S. cost over $320 billion in 2023. However, this number is expected to increase by 41 percent by 2024.
With cybersecurity threats on the rise, the Biden administration has created a comprehensive cybersecurity strategy to address these threats and go on the offensive to disrupt threat actors.
This strategy, named the “Biden-Harris Cybersecurity Implementation Strategy,” is based on five pillars. The plan is designed to assist in shifting the mindset of how the U.S. allocates roles, responsibilities and resources in cyberspace.
In this article, we’ll learn more about this groundbreaking strategy and how it aims to safeguard businesses and organizations from the ever-evolving cyber threats of the modern world.
What is the Biden-Harris Cybersecurity Implementation Strategy?
The Biden-Harris Cybersecurity Implementation Strategy positions the largest and most capable organizations in both the public and private sectors to assume a greater responsibility for the mitigation of cyber risk. This executive order outlines a roadmap designed to increase incentives for cybersecurity long-term planning.
This strategy is organized into five main pillars.
Defending Critical Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) will take the lead on an update of the National Cyber Incident Response Plan. In addition, there will be explicit instructions provided to external collaborators regarding the functions and abilities of federal agencies in managing and recovering from incidents.
Disrupting and Dismantling Threat Actors
The FBI will collaborate with other federal agencies, international partners and private sector entities to conduct operations aimed at disrupting and dismantling threats within the ransomware ecosystem. Resources like training, cybersecurity services, technical evaluations, pre-attack preparations and incident response support will be made available to targets at high risk.
Shaping Market Forces and Driving Security and Resilience
CISA will continue to lead work in identifying and reducing shortcomings in software bill of materials (SBOM) scale and implementation. They’ll also consider a globally accessible database of software at the end of its use and/or support, as well as an international SBOM.
Investing in a Resilient Future
The National Institute of Standards and Technology (NIST) will establish the Interagency International Cybersecurity Standardization Working Group to address important issues in global cybersecurity standardization and boost participation of U.S. federal agencies in the process. NIST will also finalize the standardization of one or more cryptographic algorithms that are resistant to quantum attacks.
Forging International Partnerships to Pursue Shared Goals
The Department of State will release a global strategy on Cyberspace and Digital Policy that integrates both bilateral and multilateral initiatives. They will also take steps to foster the development of knowledge and expertise among their personnel in relation to cyberspace and digital policy. This can then be utilized to form and reinforce interagency cyber teams at both national and regional levels.
In addition, the National Cybersecurity Strategy Implementation Plan (NCSIP) will ensure transparency and coordination among U.S. federal government agencies to enact the five pillars outlined in this strategy. This plan is due to be reviewed and revised annually.
What Does This Mean for Software Vendors, Cloud Providers and Large Businesses?
This approach involves the need for cooperation among private businesses, non-profit organizations, global allies, Congress, and regional governments at various levels. However, the responsibility of streamlining regulations will fall largely on software vendors, cloud providers and large businesses. The goal is for market sectors to determine worst-case scenarios and evaluate the potential for large-scale cyberattacks.
This strategy will encourage strengthening the cyber workforce by driving sustained progress through greater federal collaboration. This could result in attracting and hiring qualified and diverse cyber talent, improving career pathways in federal cybersecurity and investing in human resource capabilities and personnel.
While this new strategy does provide guidelines into future cybersecurity initiatives, the definitions of who will provide cybersecurity best practices and how industry regulations may be put in place are a bit murky. Businesses — especially in the healthcare, financial and software industries — are searching for clarity on what this means for them.
What Does This Mean for Small- and Medium-Sized Businesses?
While it is still the responsibility of the business to protect their productivity and data, every business will be held accountable to this strategy and be expected to use forthcoming cybersecurity industry best practices as a part of their own business plans. This includes a push towards zero-tolerance security policies.
Staying informed and keeping business plans updated is key. If not already done, the knowledge and experience of a Chief Information Officer (CIO) should be considered. If the investment in a CIO is not possible, consider a strategic focused technology management provider that can provide a virtual CIO. This dedicated resource will act as an adjunct executive to your leadership team providing guidance and direction on technology and security.
The Future of Cybersecurity
The initiatives spawned by the Biden-Harris Cybersecurity Implementation Strategy will likely evolve over time. However,this strategy is expected to be a game changer. It may put businesses on the offensive side of protecting their data, instead of solely being on the defensive side.
Your Partner for Cybersecurity and Comprehensive Technology Management
Looking to elevate your approach to technology management? Elevity boosts security, delivering both comprehensive Technology Management and integrated co-managed services to growing organizations of all sizes in Wisconsin, Illinois, Indiana and Ohio.
Contact us today to schedule a managed IT needs assessment or take our free online cybersecurity risk assessment to determine your cyber risk score. Knowing your risk is the first step toward minimizing it.
