The Biden administration’s recently released National Cyber Strategy proposes a new social contract that places the responsibility of protecting the nation’s cybersecurity on the private sector, not individual users. The novel model for national cyber resilience, which overturns decades of cybersecurity practice, is the result of an impending avalanche of disruptive technological threats that will eclipse the ability of everyday citizens and small businesses to protect data. No longer can the country rely on a model where private sector vendors and suppliers push security onto users. The National Cyber Strategy pledges to use government power to realign incentives and shape markets—by using carrots of government funding and sticks of regulation—to forge a new social contract for cybersecurity at a transitional moment.
Unlike previous such strategies, the new National Cyber Strategy rebalances responsibility to generate a new social contract for resilient national cybersecurity to counter threats from malicious nations and emerging technology. Only the private sector can embed security-first product development to protect the country’s information architecture from the converging threats of the modernizing internet, quantum computing, and the hyper-connected Internet of Things (IoT), a network of physical objects, or “things,” connected to the internet that ranges from pacemakers to home ovens. In its call for new principles for cyber resilience, the document overturns decades of accepted practice for the private sector and constraints on government. It moves beyond rhetoric to declare that government must utilize its authorities to correct misaligned incentives that will jeopardize a flourishing digital ecosystem—a striking proposition.
Now-retired National Cyber Director Chris Inglis coordinated the writing of the Biden administration’s document. This is the first such document prepared by a national cyber director, and this version stands above all previous cyber strategies. Inglis and his team structured the document around five pillars, two of which—“Shape Market Forces to Drive Security and Resilience” and “Invest in a Resilient Future”—are most remarkable for outlining a new direction for cyber. The other pillars contain noteworthy changes, but nothing near the ruptures of those two, known as pillars three and four.
Continue reading at thebulletin.org.