On September 20, 2018, the White House released a new cybersecurity strategy with several important changes in direction meant to give government agencies and law enforcement partners a greater ability to respond to cybercrime and nation-state attacks.

The new U.S. cyber strategy makes one message clear: America will not sit back and watch when attacked in cyberspace. On the contrary, in areas ranging from critical infrastructure to space exploration to intellectual property protection, the USA will respond offensively, as well as defensively in cyberspace.

As Justin Sherman, cyber policy researcher and student at Duke University, commented via email:

“An increased focus on deterrence is one of the most important aspects of the new U.S. cyber strategy: there is an entire section on attributing and deterring malicious cyberspace behavior, and there is specific language on building a Cyber Deterrence Initiative. This is related to the ‘defend forward’ terminology in the Department of Defense’s new cyber strategy—a separate but related document. Deterrence of cyber activity doesn’t necessarily have to occur through cyberspace alone, and the strategy reflects that.”

“Much of the document reaffirms the former stances of the Obama and George W. Bush administrations on Internet governance and cyber policy in general, and the strategy also discusses ongoing programs and initiatives throughout,” said Sherman, like bolstering the cybersecurity workforce and working to strengthen the organizations that make up the country’s “critical infrastructure” industries including electrical operators and financial institutions.

The only question is how best to implement it.

The four pillars of priority

The new strategy includes four main pillars of priority:

I: Protect the American People, the Homeland, and the American Way of Life by securing federal networks and information, securing critical infrastructure, combating cybercrime and improving incident reporting. This includes giving the Department of Homeland (Read more...)