IST Statement on the National Cybersecurity Strategy Implementation Plan

JULY 13, 2023 — In our review of the National Cybersecurity Strategy upon its release this March, we emphasized the importance of implementation: “success will require resources, collaboration, and consultation with partners across the private sector, international arena, and cybersecurity community.” The National Cybersecurity Strategy Implementation Plan released today marks significant progress in this direction. 

Among other important elements, we applaud the emphasis placed on operational collaboration in the Implementation Plan, particularly its focus on increasing the speed and scale of disruption operations and strengthening key entities that support operational collaboration like the National Cyber Investigative Joint Task Force. The plan also commits to identifying mechanisms to increase adversarial disruption through public-private operational collaboration, including by leveraging the Joint Ransomware Task Force. Together with these elements, the plan provides additional detail on the government’s plans to build a more sustainable approach to combating cybercrime and other malicious cyber activity, including ransomware.  

For example, efforts to “accelerate global adoption and implementation of anti-money laundering” standards, with an emphasis on disrupting ransomware payments, are critical to reducing the threat posed by ransomware, and we look forward to supporting this effort through our ongoing research and analysis on the ransomware payment ecosystem.

We also commend the commitment to provide rapid cyber incident response support to global partners. We encourage the entire U.S. government to dedicate staff and agency resources to assisting partners experiencing serious cybersecurity incidents of national concern.

The National Cybersecurity Strategy outlined a new approach to incentivizing stronger cybersecurity, including by shifting responsibility for security, realigning incentives, and continuing to leverage procurement power to enhance cybersecurity, especially through securing open-source software. The Implementation Plan leverages the power of multiple government agencies and offices to achieve this goal, including CISA’s focus on scaling public private partnerships to support the development and adoption of secure-by-design and secure-by-default hardware and software, ONCD’s establishment of the Open-Source Software Security Initiative, and OSTP support for research proposals that focus on memory safe programming languages and general source security solutions. 

Finally, the release of the National Cybersecurity Strategy Implementation Plan in and of itself is an important step; this public release signals the government’s commitment to transparency and promotes accountability for achieving the Strategy’s goals.