A senior official at the White House Office of the National Cyber Director (ONCD) gave her high-level perspective March. 2 on the Biden Administration’s brand new National Cyber Strategy.
Anjana Rajan, ONCD’s assistant national cyber director for technology security, explained that the new strategy calls for two big strategic shifts in cybersecurity: a reconsideration of who holds the most responsibility and how to leverage incentives that encourage better cybersecurity.
“This is a really exciting day for us here at ONCD and also in the Biden administration at large,” Rajan said during a GovCIO event in Tyson’s, Va., on Thursday.
“This strategy is unique in the sense that it is the first time an office dedicated to cybersecurity is writing it – which means that it is bold and written by people that have been thinking about this topic for a long time,” she continued, adding, “We’re tired, but excited to finally share it with all of you.”
The Biden administration released its much-anticipated National Cybersecurity Strategy on March 2, with multiple focus points including continuing efforts to improve security in already-regulated critical infrastructure sectors, a high-level goal of shifting more security responsibility onto providers of tech products and services, and a robust focus on using “all tools of national power” to go after attackers.
The White House said that implementation of the strategy is “already underway” and being coordinated by the ONCD, which produced the strategy.
During the event, the White House official shared her perspective on the most important aspects of the new strategy, explaining that ONCD is calling for “two big strategic shifts.”
“First and foremost, we’re saying that we need to rebalance who holds the majority of the responsibility,” Rajan said.
“Too often, we are relying on the individual consumer, and the small business, and the independent developer, and the local and state government to defend against nation-states. And that is an unfair burden we’re putting on the wrong folks,” she explained.
“What we need to rebalance is, the players who can bare that burden – both in the public and private sector – need to do their fair share of cybersecurity,” Rajan said.
She said the second big shift in the new cyber strategy involves encouraging cybersecurity professionals to invest in security that is more durable in the long haul.
“How do we … create and use market incentives to encourage us making investments in long-term security rather than short-term Band-Aids,” the official said.
Rajan continued, adding, “Assuming that people will voluntarily focus on cybersecurity is wishful thinking, and we now need to recognize that we have to create the ecosystem and the financial incentives to understand why [cybersecurity] is a priority.”