In recent years, the issue of cybersecurity has become
increasingly important as the world becomes more digitally interconnected. With
the pandemic accelerating the adoption of digital technologies, the need for
robust cybersecurity measures has never been more pressing. In response to
this, the Biden administration has introduced new rules on mandatory
cybersecurity. In this essay, I will outline these new rules and their
In September 2021, the Biden Administration released its
National Cybersecurity Strategy, outlining its plan to protect American
citizens, businesses, and government organizations from cyber attacks. The
strategy emphasizes the importance of collaboration between government, private
sector, and international partners to improve cybersecurity practices and
protect critical infrastructure. In this essay, I will outline the key elements
of the strategy and discuss its potential impact.
At the micro level, the new rules are part of the Biden
administration's efforts to improve the cybersecurity posture of the United
States. The rules apply to federal agencies and their contractors and require
them to adhere to a set of cybersecurity standards. These standards are based
on the National Institute of Standards and Technology (NIST) Cybersecurity
Framework, which is widely regarded as the gold standard for cybersecurity.
The new rules come in the form of an executive order signed
by President Biden in May 2021. The order sets out a series of requirements
that federal agencies and their contractors must meet to improve their
cybersecurity. These requirements include:
The executive order also establishes a Cybersecurity Safety
Review Board, which will be responsible for reviewing and assessing significant
cybersecurity incidents affecting federal agencies and their contractors. The
board will consist of government and private sector experts and will provide
recommendations for improving cybersecurity.
From a macro level, the new rules have significant
implications for federal agencies and their contractors. For federal agencies,
the rules represent a significant shift in the way they approach cybersecurity.
In the past, many agencies have struggled to keep up with the ever-evolving
threat landscape. The new rules provide a clear framework for improving
cybersecurity and will help to ensure that federal agencies are better equipped
to protect sensitive information.
For contractors, the new rules mean that they must also
adhere to a set of cybersecurity standards. This is a significant departure
from previous practices, where contractors were often left to their own devices
when it came to cybersecurity. The new rules will help to ensure that
contractors are taking cybersecurity seriously and are implementing best
practices to protect the sensitive information they handle.
The new rules also have wider implications for the private
sector. The NIST Cybersecurity Framework on which the rules are based is widely
regarded as the gold standard for cybersecurity. By requiring federal agencies
and their contractors to adhere to this framework, the Biden administration is
setting a precedent for the private sector to follow. This is likely to lead to
an increase in demand for cybersecurity products and services, as companies
look to improve their cybersecurity posture in line with the new rules.
The National Cybersecurity Strategy is built on four
pillars: 1) defending U.S. networks, systems, and information; 2) strengthening
the security and resilience of critical infrastructure; 3) combating cybercrime
and improving law enforcement cooperation; and 4) promoting responsible
behavior in cyberspace. Each pillar includes a series of actions to be taken by
the government and private sector to improve cybersecurity.
The first pillar of the strategy focuses on the defense of
U.S. networks, systems, and information. This includes strengthening the
cybersecurity posture of federal agencies, improving the sharing of threat
intelligence between government and private sector, and promoting the adoption
of best practices for cybersecurity. The strategy also includes a plan to
modernize and secure federal IT infrastructure, including the adoption of zero
trust architectures, multi-factor authentication, and encryption.
The second pillar of the strategy focuses on the security
and resilience of critical infrastructure. This includes working with industry
partners to identify and mitigate vulnerabilities in critical infrastructure,
promoting the adoption of best practices for securing industrial control
systems, and improving the sharing of threat intelligence related to critical
infrastructure. The strategy also includes a plan to establish a voluntary
framework for securing critical infrastructure, similar to the NIST Cybersecurity
The third pillar of the strategy focuses on combating
cybercrime and improving law enforcement cooperation. This includes increasing
resources for investigating and prosecuting cybercrime, improving international
cooperation to combat cybercrime, and promoting the adoption of best practices
for law enforcement cooperation. The strategy also includes a plan to establish
a national cyber response and recovery fund to help victims of cybercrime
recover from attacks.
The fourth pillar of the strategy focuses on promoting
responsible behavior in cyberspace. This includes promoting the adoption of
international norms for responsible state behavior in cyberspace, promoting the
adoption of industry-led best practices for cybersecurity, and improving public
awareness of cybersecurity risks and best practices. The strategy also includes
a plan to establish a national cybersecurity workforce development program to
help address the shortage of cybersecurity professionals in the United States.
The National Cybersecurity Strategy has the potential to
have a significant impact on cybersecurity in the United States. By promoting
collaboration between government, private sector, and international partners,
the strategy recognizes that cybersecurity is a shared responsibility. The
strategy's focus on critical infrastructure is particularly important, as cyber
attacks on critical infrastructure can have significant economic and national
The strategy's emphasis on promoting responsible behavior in
cyberspace is also significant. Cybersecurity is not just a technical problem;
it is also a human problem. By promoting the adoption of industry-led best
practices and improving public awareness of cybersecurity risks and best
practices, the strategy recognizes the importance of human behavior in
The strategy's plan to modernize federal IT infrastructure
is also significant. Federal agencies have long been criticized for their
outdated IT systems, which are often vulnerable to cyber attacks. By adopting
modern cybersecurity practices, federal agencies can improve their
cybersecurity posture and reduce the risk of cyber attacks.
However, the success of the National Cybersecurity Strategy
will depend on its implementation. The strategy includes a series of actions to
be taken by the government and private sector, but it is not clear how these
actions will be prioritized or funded. Additionally, the strategy's success
will depend on the ability of government and private sector organizations to
work together to improve cybersecurity practices. This may be challenging, as
the private sector may be hesitant to share sensitive information with the
The new rules have not been without controversy, however.
Some have argued that the rules do not go far enough in addressing the
cybersecurity challenges facing the United States. For example, some have
called for the creation of a dedicated cybersecurity agency to oversee and
coordinate cybersecurity efforts across the federal government.