In response to the Biden-Harris Administration’s release of the National Cybersecurity Strategy (NCS) on March 2, 2023, the Atlantic Council’s Cyber Statecraft Initiative (CSI) assembled a group of experts with backgrounds in both government and private-sector to provide a summary of and reflect upon the NCS. The experts praise the ambition present in the newly released policy; however, they also warn of the failure to enumerate how such communicated outputs would be implemented. With the NCS focused into five pillars – (1) defend critical infrastructure, (2) disrupt and dismantle threat actors, (3) shape market forces to drive security and resilience, (4) invest in a resilient future, and (5) force international partnerships – CSI highlights the strategy’s strength to address market incentives to reallocate responsibility in the field of cybersecurity and its comprehensive aim to produce initiatives aimed to improve cybersecurity across government agencies, critical infrastructure providers, and the private sector. Nevertheless, the authors argue that the strategy for each pillar avoids specific actions and policies to implement its vision, and instead stays “close to safe harbors.” For example, the strategy does not trace the source of market failings, address barriers to federal IT modernization, or integrate international perspectives on cybersecurity. The authors maintain that the strategy marks an important framework with novel policy activities, yet the document leaves much work to be done and has the potential to inspire future cybersecurity policy and reforms.
Author:
Maia Hamin, Trey Herr, Will Loomis, Emma Schroeder, and Stewart Scott
