The National Cyber Strategy: 6 Pillars and 6 Places for Industry to Support

A new National Cyber Strategy was just released late last week. This strategy puts deterrence front and center and emphasizes a whole of government response approach, with additional priorities that focus on critical infrastructure, modernization of the federal systems, and maturing approaches to Operational Technology. We believe these are the right priorities and that there are a number of places where the private sector can and should contribute.

The reality is that today adversaries have a direct path to our critical infrastructure and the burden of protecting it is on the operators. The threats are currently at their front door. Agencies are also critical infrastructure and have to defend their front doors also and companies like GDIT help them protect it. It’s only natural that systems integrators have a role to play in the implementation of a new national security strategy in a lateral, combined-threat picture.

Here’s how:

Defensive Cyber Shapes Adversarial Behavior.

Improving our defenses shapes adversarial behavior. By that I mean, when we adapt, they have to adapt – and we need to make it prohibitively difficult and expensive for them do to so. Companies can play a role by revisiting or investing in tools for both defensive and offensive cyber, but they need a clear roadmap. Industry needs to be able to make compliant tools faster. We need shared services to accelerate developing and operationalizing them, and we need policies that unleash the private sector’s capacity for innovation for this effort.

Incident Reporting and Cyber Regulation Should Be Orchestrated.

Incident reporting is how we document, investigate and share information about threats. We need regulatory reform around incident reporting that resets the baseline for critical infrastructure and harmonizes policies to ensure that what gets reported gets acted upon and what gets acted upon becomes what gets proactively mitigated against. Varying levels and definitions across reporting can lead to increased burden and less transparency. From a harmonized approach, companies can support with tooling and capabilities to operationalize this approach.

Modernization Must Include Zero Trust. It's hard to secure legacy systems.

No one disputes that. As large-scale modernization efforts are underway to support a new defensive posture. implementation must include technologies like Zero Trust and quantum in order to prepare us for the threat landscape of the future. Already, companies have invested in these capabilities ahead of what’s to come and can ensure that agencies reap the benefit of these investments in order to secure their operations.

Critical Infrastructure Must Be Redefined and Then Reimagined.

Critical infrastructure security policy must protect the homeland. In today’s environment, that requires broadening our definition of critical infrastructure to include the cloud and space, given their growing role in our critical infrastructure network. Pilot programs to defend and harden systems and to reexamine policy are essential projects. We must quickly translate them into action.

Leverage AI Innovation from the U.S. Outward.

Industry has a role to play in answering the question: How fast we can leverage AI innovation from the U.S. outward? AI leadership means pushing our models and algorithms globally. It means research and development and strategic planning. Finally, it demands counter AI models, cyber tools to secure them, and help from agencies like DARPA and NIST to do it.

We Need Cyber Talent and Capacity.

Industry and government alike will need more cyber talent and capacity today than yesterday, and more tomorrow than today. We need to work with academic institutions to support a cyber competent workforce. We need a set curriculum for high schools, trade schools and universities to incorporate into coursework, and with federal recognition. This will increase our ability to secure the nation and our critical infrastructure and will drive resilience and preparedness going forward.

In summary, we believe the new national cyber strategy’s priorities are the right ones. Our customers are very plugged into this conversation, and our programs and expertise align with it as well. GDIT stands and remains ready to support the implementation of policies, strategies and approaches that secure our critical infrastructure and strengthen our national security by drawing on our collective ability and responsibility to do so.