This week in the other Washington, the White House released the National Cybersecurity Strategy Implementation Plan.
You may be wondering:
Here is what business leaders in the Pacific Northwest need to know.
In March of 2023, the White House released the National Cybersecurity Strategy
This strategy heralded two fundamental shifts on the United States’ focus on cyberspace. The broad strategic goals are:
The National Cybersecurity Strategy outlined strategic objectives under five pillars.
The pillars are:
Objectives included a focus on public/private collaboration to fight cybercrime. The strategy included measures to hold stewards of our data accountable and to shift liability for insecure software products and services to the developers. There are strategic objectives intended to streamline regulation. The strategy supports developing a larger and more diverse cyber workforce. At the same time, the strategy acknowledges that “sectors have varying capacities to absorb the costs of cybersecurity.”
The National Cybersecurity Strategy outlines a direction. It states in broad terms which opportunities are the highest priority and will receive the most attention.
The National Cybersecurity Implementation Plan identifies an initial course of action towards achieving these objectives. Per the White House:
“The Administration is announcing a roadmap to realize this bold, affirmative vision. It is taking the novel step of publishing the National Cybersecurity Strategy Implementation Plan (NCSIP) to ensure transparency and a continued path for coordination.”
Read the full implementation plan here.
For many of us here in Western Washington, the impact may be indirect and not felt immediately.
The good news is that there is increasing focus on making stewards of our data and developers of software applications responsible for the security of their products and services. These measures are intended not only to enhance national security but also to ensure economic resilience. They shift the burden from the users of these products to the developers. The data centers and the software applications that you rely on have an increasing responsibility to ensure that sensitive data in their trust remains secure.
There is considerable attention placed on establishing and promoting standards. The plan intends to “move best practice to common practice.” Wider adoption of best practices has a broad effects of enhancing national security and mitigating risk for all businesses in the US.
The Office of the National Cyber Director will lead the development of the National Cyber Workforce and Education Strategy.
This focus on workforce and education should lead to opportunity for individuals in groups that have not historically had access to tech to join the thriving tech community.
Adding more skilled tech workers should also ease hiring challenges. As you may know, the Pacific Northwest is currently experiencing a shortage of highly skilled tech workers. It may take time but the focus on strengthening the cyber workforce should ease pressures on businesses impacted by the current tech labor shortage.
Government regulation and market forces will encourage even small businesses to take a more deliberate and structured approach to managing risk.
From Tacoma to Kent, through Seattle to Everett, the aerospace manufacturing industry is a significant portion of our economy here in Western Washington. Suppliers in the Defense Industrial Base have already felt regulatory and market pressures to enhance their cybersecurity maturity.
At EXP Technical, we are seeing more widespread adoption of Cybersecurity Maturity Model Certification (CMMC). Not only are aerospace manufacturers and suppliers in the defense industrial base working at a frantic pace to implement the controls in NIST 800-171 and CMMC, but we also now see civil engineers and architects who design buildings and infrastructure at government sites pay increasing attention to cybersecurity and CMMC compliance.
Regulation, market forces, and a simple desire to be a good steward of sensitive data will drive more and more small businesses in the region to adopt standards such as the NIST Cybersecurity Framework (CSF).
As a business leader you can decide if your organization should be on the leading or trailing edge of this trend. A compelling case could be made for either course of action.
EXP Technical is here to help you on your journey.
We have already made an investment to protect the region (including you!) from cyberattack. EXP Technical's cybersecurity awareness training is available to all (for free) at EXP Academy.
We have developed a “right-sized” approach to cybersecurity that takes best practices into consideration while also respecting the budgetary constraints and limitations that many small businesses face. Contact us today to learn more.
