The National Cybersecurity Strategy focuses on five pillars:
- Defend critical infrastructure, including by (i) establishing cybersecurity regulations to secure critical infrastructure, (ii) strengthening public-private sector collaboration, (iii) integrating federal cybersecurity centers, (iv) updating federal incident response plans and processes, and (v) modernizing federal systems in accordance with zero trust principles;
- Disrupt and dismantle threat actors, including by (i) integrating diplomatic, information, military, financial, intelligence and law enforcement capabilities, (ii) enhancing public-private sector collaborations, (iii) increasing the speed and scale of intelligence sharing and victim notification, (iv) preventing the abuse of U.S.-based infrastructure, and (v) mounting disruption campaigns and other efforts against ransomware operators;
- Shape market forces to drive security and resilience, including by (i) supporting legislative efforts to limit organizations’ ability to collect, use, transfer and maintain personal information and provide strong protections for sensitive data (e.g., geolocation and health data), (ii) strengthening IoT device security through federal research and development, procurement, risk management efforts and IoT security labeling programs, (iii) developing legislation establishing liability for hardware and software manufacturers and developers, and higher standards of care for software in high-risk scenarios, (iv) using federal grants and other incentives to make investments in critical infrastructure cybersecurity efforts, (v) strengthening cybersecurity contract requirements with government vendors, and (vi) exploring a federal cyber insurance framework;
- Invest in a resilient future, including by (i) securing the technical foundation of the Internet, (ii) investing in federal cybersecurity research and development in areas such as AI, cloud infrastructure, telecommunications and data analytics used in critical infrastructure, (iii) transitioning vulnerable public networks and systems to quantum-resistant cryptography-based environments, (iv) investing in hardware and software systems that strengthen the resiliency, safety and efficiency of the U.S. electric grid, (v) investing in strong, verifiable digital identity solutions that promote security, accessibility and interoperability, financial and social inclusion, consumer privacy and economic growth, and (vi) strengthening and expanding the nation’s cyber workforce; and
- Forge international partnerships to pursue shared goals, including by (i) building international coalitions to counter threats to the digital ecosystem, (ii) strengthening international partner capacity, (iii) expanding the U.S.’s ability to assist allies and partners in strengthening cybersecurity, (iv) building coalitions to reinforce global norms of responsible state behavior, and (v) securing global supply chains for information, communications and operational technology products and services that power the U.S. economy.
The Strategy marks the culmination of a monthslong process coordinated by the Office of the National Cyber Director (“ONCD”), which serves as a principal advisor to President Biden on cybersecurity policy and strategy, and cybersecurity engagement with industry and international stakeholders. ONCD, in coordination with the Office of Management and Budget, will work to implement the Strategy under the oversight of National Security Council staff.