USA publishes the Cybersecurity Strategy Implementation Plan

It outlines a path for achieving significant shifts towards more responsibility for cybersecurity and incentives to make investments in long-term resilience.


date:  04/11/2023

See also: Press Release

The USA released the National Cybersecurity Strategy, which calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace:

  1. Ensuring that the biggest, most capable, and best-positioned entities – in the public and private sectors – assume a greater share of the burden for mitigating cyber risk;
  2. Increasing incentives to favor long-term investments into cybersecurity.

The Office of the National Cyber Director (ONCD) will coordinate activities under the plan, including an annual report to the President and Congress on the status of implementation, and partner with the Office of Management and Budget (OMB) to ensure funding proposals in the President’s Budget Request are aligned with the National Cybersecurity Strategy Implementation Plan (NCSIP) initiatives.

The following are sample initiatives from the plan, which is organized by pillars and strategic objectives:

Pillar One | Defending Critical Infrastructure

  • Update the National Cyber Incident Response Plan. The Cybersecurity and Infrastructure Security Agency (CISA) will lead a process to update the National Cyber Incident Response Plan to more fully realize the policy that “a call to one is a call to all.” The update will also include clear guidance to external partners on the roles and capabilities of Federal agencies in incident response and recovery.

Pillar Two | Disrupting and Dismantling Threat Actors

  • Combat Ransomware. Through the Joint Ransomware Task Force, the USA will continue its campaign to combat the scourge of ransomware and other cybercrime. CISA will offer resources such as training, cybersecurity services, technical assessments, pre-attack planning, and incident response to high-risk targets of ransomware, like hospitals, to make them less likely to be affected and to reduce the scale and duration of impacts if they are attacked.

Pillar Three | Shaping Market Forces and Driving Security and Resilience

  • Software Bill of Materials. Increasing software transparency allows market actors to better understand their supply chain risk and to hold their vendors accountable for secure development practices. CISA continues to lead work with key stakeholders to identify and reduce gaps in software bill of materials (SBOM) scale and implementation.

Pillar Four | Investing in a Resilient Future

  • Drive Key Cybersecurity Standards. Technical standards are foundational to the Internet. Consistent with the National Standards Strategy, the National Institute of Standards and Technology (NIST) will convene the Interagency International Cybersecurity Standardization Working Group to coordinate major issues in international cybersecurity standardization. 

Pillar Five | Forging International Partnerships to Pursue Shared Goals

  • International Cyberspace and Digital Policy Strategy. Cyberspace is inherently global, and policy solutions must reflect close collaboration with our partners and allies. The USA will work to catalyze the development of staff knowledge and skills related to cyberspace and digital policy that can be used to establish and strengthen country and regional interagency cyber teams to facilitate coordination with partner nations.
