More industry perspective on the US National Cybersecurity Strategy
Experts in cybersecurity shared their perspectives on the US National Cybersecurity Strategy over the past couple of days with the CyberWire, highlighting the focus on the digital ecosystem, approaches to cyber postures posited by the strategy, the strategy’s focus on critical infrastructure, the impact on the labor forces in cyber and related sectors, and geopolitical facets.
Approaches to cyber postures.
Brandon Pugh, policy director for the R Street Institute’s cybersecurity and emerging threats team, highlights areas of concern in future postures:
“The Biden administration’s National Cybersecurity Strategy is ambitious and has many parts that would improve our cybersecurity posture, but there are areas of concern and others that need clarity.
“Key to its success lies within how the strategy will be implemented. For example, it is one thing to call for harmonizing and streamlining regulation, but another to ensure it is actually done. This is especially important when the administration is looking to add new requirements and asking industry to take on more in the cyber realm. Even just looking at incident and breach reporting, there are at least two dozen federally issued requirements. This can result in a compliance nightmare and even limit the goal of improving our cyber posture.
“I urge the administration and Congress to tread carefully as they contemplate action that could undermine free market principles. The strategy currently recommends shifting liability onto manufacturers and software publishers that fail to take precautions to secure their software through legislation that the administration hopes to develop with Congress. This might sound positive in theory, but in practice, there would be large challenges and many questions to answer first.
“I am hopeful that there will be greater collaboration with stakeholders as the strategy is implemented. For a strategy as consequential as this, more robust public engagement would have been helpful. Public engagement from Director Easterly and the Cybersecurity and Infrastructure Security Agency (CISA) is a model for others to follow.”