Bolstering America’s Defenses on Cybersecurity
Why implementing the Biden administration's sensible path forward requires bipartisan support and private sector cooperation
Daily images of Russia’s destructive war against Ukraine have drawn our attention away from emerging threats in other areas, including the cyber realm—even though cyber warfare has been a key part of the campaign. Working together with private technology companies like Microsoft and Google, the United States and its allies took a number of measures to defend Ukraine from Russia’s cyberattacks during the first days and weeks of the war.
But cybersecurity challenges continue to evolve rapidly with technological advances. These threats know no borders, as seen in the regular stream of attacks and hacks targeting critical infrastructure and key national security institutions in America. Indeed, the cyber realm is playing an increasing role in all of our lives, and the COVID-19 pandemic accelerated this trend. As information technology and computer networks advance further, the “Internet of Things” will connect billions of physical devices and consumer products to the cyber realm, collapsing the borders between the offline and the online—deepening digital dependencies and interlinkages across the globe along the way.
As a Council on Foreign Relations report released last year argued, “U.S. policy towards cyberspace and the Internet has failed to keep up” with the rush of new developments. The report painted a worrisome picture, arguing that the era of the global Internet is over as China and Europe develop their own systems to manage and regulate the Internet. What’s more, the shifting geopolitical landscape at a time of major technological change will introduce more unpredictability and uncertainty in the international system.
The United States will need to continuously update its strategic thinking on this front as technology evolves, and the National Cybersecurity Strategy recently released by the Biden administration shows just how much work lies ahead.
Biden’s Cybersecurity Strategy Offers a Long-Term Game Plan
This strategy provides a clear roadmap forward, laying out five main pillars supported by several strategic objectives.
Defend critical infrastructure. This pillar includes measures to integrate the efforts of federal government agencies and boost collaboration between the public and private sectors.
Disrupt and dismantle threat actors. A good offense is part of any good defense, and this section outlines steps the U.S. government will take, at times in cooperation with the private sector, to turn the tables against malicious state and non-state actors and put them on the defensive.
Shape market forces to drive security and resilience. The strategy recognizes the key role that the private sector plays in the cyber realm, and it seeks to create incentives for companies to set higher standards and play their part in boosting America’s overall cyber defenses. It outlines a vision for setting mandates that assign more responsibility to the private sector, much in the same way that U.S. laws and regulations impose liability on automakers whose cars don’t meet certain safety standards.
Invest in a resilient future. This section highlights investments needed to keep America competitive in areas like quantum computing as well as research and development and to build new systems with interconnected hardware and software systems to advance a new clean energy grid.
Forge international partnerships to pursue shared goals. The strategy recognizes that America can’t go it alone in the cyber realm given the interconnected nature of the system—there’s no viable “offshore balancing” strategy for the cyber realm. It pinpoints actions such as building coalitions to bolster common defenses and working with other like-minded countries to bolster supply chain security for information, communications, and operational technology products and services.
Like many strategy documents released by the U.S. government, this cybersecurity strategy is a mix of actions already under way and proposed steps for the future. Some of these steps include measures that go beyond what the executive branch can do on its own and will require some work with Congress, as the strategy itself acknowledges. In particular, the proposal to shift liability for software from users to companies may produce the same divisions it has in the past. In addition, there will be challenges in building international coalitions even with like-minded countries in places like Europe because of gaps in regulations on privacy and data protection.
Overall, though, this document presents a clear argument that draws together the many components of public investments the Biden administration put into place in its first two years in office, including the CHIPS and Science Act, the Inflation Reduction Act, and the 2021 Bipartisan Infrastructure Law that included $65 billion in public investments to expand reliable high-speed Internet to areas of the country left behind in the digital divide. In many ways, this cybersecurity strategy offers a supporting argument for the national industrial policy that the Biden administration has advanced to help America compete globally in high-tech sectors that will shape the future.
It also paints a more coherent picture of what America should do on these sets of issues than did last year’s national security strategy. Where that document struggled to connect America’s foreign and domestic policies in clear and compelling ways, the new cybersecurity strategy does so effectively. In part that’s due to the fact that it’s fairly easy for ordinary Americans to intuitively understand how and why foreign government cyber-operations and organized cybercrime networks might pose a direct threat to their own well-being.
There’s still a lot of work to be done to implement this strategy, both in the executive branch and up on Capitol Hill. But the Biden administration appears to be on the right track when it comes to shoring up America’s porous cyber-defenses.