1 hour ago
2
OPINION — The White House is making a significant effort toward putting the nation’s cyber house in order. A newly released National Cyber Strategy represents a big step in the right direction for U.S. national security policy — advocating for the aggressive defense of our national infrastructure.
While the strategy includes important goals for the administration — streamlining regulation, developing the cyber workforce, defending federal networks, and partnering with the private sector — how the administration proceeds will determine whether it achieves the goals the strategy outlines. Across the strategy’s six pillars, the administration needs to clarify its arguments, refine its implementation plans, and improve its articulation of the challenge we face.
Defending U.S. national interests in cyberspace requires understanding the threat to our national security. Despite the prioritizing efforts to shape adversary behavior in the first of the strategy’s six pillars, it falls short of identifying America’s most aggressive adversaries — Russia and China. Both countries have repeatedly targeted American critical infrastructure without a meaningful response from the United States. It fails to mention China’s operational preparation of the battlefield on U.S. soil through its Volt Typhoon campaign against national critical infrastructure or Russia’s targeting of networking devices. Shaping adversary behavior in cyberspace requires identifying who the adversary is.
Pillar One provides a strong, effective argument for developing the offensive cyber capabilities and operations which are critical to enable success in today’s warfare. This White House showed its willingness to use these cyber capabilities in both Venezuela and Iran. There is an ongoing debate as to whether private companies should be allowed more agency to “hack back” against attackers, and the administration is reportedly considering an expanded role for the private sector. While the government should work with the private sector to develop these offensive capabilities, this should be limited to tool building and network defense rather than the actual conduct of offensive operations. If private companies conduct offensive cyber operations, the government risks losing control over escalation in conflict.
Pillar Two prioritizes streamlined regulations. Data and cybersecurity regulations help ensure companies have safe and secure practices. The proliferation of cyberattacks, however, has caused an explosion of cyber-related regulations. The federal government should work with the private sector to ensure that these regulations are comprehensive without being an unnecessary burden on the private sector.
Pillar Three focuses on the important goal of securing federal networks and modernizing procurement. The strategy wisely mentions post-quantum cryptography, zero-trust architecture, and cloud transition. To account for this emerging technology, the government must refine procurement processes to enable continuous improvement of federal networks.
Pillar Four calls for building strong private-public collaboration to defend critical infrastructure. This is a noble goal, but most of former Secretary of Homeland Security Kristi Noem’s work over the past year contradicted this goal. She eviscerated the cyber defense agency’s workforce — reducing it by nearly 40 percent — and disrupted cybersecurity grant programs, weakening the agency’s efforts to support state and local governments and public utilities. She cancelled the Critical Infrastructure Partnership Advisory Council, effectively gutting the federal government’s authority to engage private companies collectively to advance cyber defense.
The Trump administration can reverse this disastrous trend and get the United States on the right track to cyber defense of critical infrastructure. Noem’s replacement should start by rejuvenating and resourcing the Cybersecurity and Infrastructure Security Agency (CISA).
Pillar Five prioritizes American superiority in critical and emerging technologies — a necessary priority for ensuring U.S. success in cyberspace. Executing this strategy requires investment in the research centers that are the driving force for consistent improvement and development of critical and emerging technologies.
A key element of the new cyber strategy is in Pillar Six — its continued commitment to building America’s capability to develop talent in cyberspace. Without a strong cyber workforce in the government, the military, and the private sector, the nation is at risk of falling behind. The administration can validate this pillar with continued support to programs like the CyberCorps: Scholarship for Service which provides scholarships for cyber-related degrees in exchange for government service after graduation.
Because of the administration’s workforce cuts and hiring freezes, the program has faced challenges in the past year with maintaining funding and placing participants. The administration should support and expand funding for the program and prioritize hiring for participants. President Donald Trump should also establish a new military service for cyber, a U.S. Cyber Force, which would create a better mechanism for generating a military cyber workforce sufficient in size and skill to fulfill America’s strategic goals.
Trump would be wise to put the plan into action through additional executive orders (EOs) to implement the stated goals — presidentially signed orders task the federal agencies with discrete deliverables while White House strategic documents lack enforcing power. These EOs should prioritize support for CISA, cyber workforce development, and an organizational construct for taking aggressive action against U.S. adversaries. Taking the “ends” of the strategy and equipping them with “ways” and “means” via EOs will enable continued American superiority in cyberspace.
The six “Pillars of Action” in the new strategy have the potential to guide the United States toward success in cyberspace. That success will depend on whether the administration takes the necessary action to back up the sound rhetoric.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals. Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to Editor@thecipherbrief.com for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
English (US) · 