National Cybersecurity Strategy Implementation Plan (NCSIP) Strengthens Government Cybersecurity Efforts

July 18, 2023
Data Protection


National Cybersecurity Strategy Implementation Plan (NCSIP) Strengthens Government Cybersecurity Efforts

Even the US government isn’t immune to cyberattacks. Tech giant Microsoft recently discovered another Chinese cyber-espionage campaign, with this one compromising at least 25 organizations. Although details are still coming in, the Department of Commerce appears to be one of the victims.

While the Department of Commerce was able to take immediate action, it’s hoped that the government’s National Cybersecurity Strategy Implementation Plan (NCSIP) will prevent — or at least mitigate potential damage from — future cyberattacks.

Introduced back in March and published July 13, 2023, the NCSIP establishes a vision for how the US allocates roles, responsibilities, and resources for battling cyberattacks and increases incentives for long-term investments into cybersecurity. The plan is designed to ensure transparency and coordination among the federal government’s many agencies in realizing this vision.

This is the first iteration of the NCSIP, which will be updated annually. Eighteen agencies are leading initiatives in the plan.

The Office of the National Cyber Director (ONCD) will coordinate activities, including an annual report to the President and Congress on the status of implementation, and partner with the Office of Management and Budget (OMB) to ensure funding proposals in the President’s Budget Request are aligned with NCSIP initiatives. The government will also continue efforts to strengthen collaboration with the private sector, civil society, international partners, Congress, and state, local, Tribal, and territorial governments.

NCSIP at a Glance

So what’s in the NCSIP? It details over 65 high-impact initiatives, each assigned to a responsible agency and with a timeline for completion. The initiatives are based on five pillars:

Pillar 1: Defending Critical Infrastructure

This includes the Cybersecurity and Infrastructure Security Agency (CISA) taking the lead in updating the National Cyber Incident Response Plan to ensure the government acts in a coordinated manner during a cyber incident.

Pillar 2: Disrupting and Dismantling Threat Actors

One of the main initiatives under this pillar is for the FBI to strengthen the capacity of the National Cyber Investigative Joint Task Force (NCIJTF) to coordinate takedown and disruption campaigns with greater speed, scale, and frequency.

Pillar 3: Shaping Market Forces to Drive Security and Resilience

This pillar includes an initiative for the CISA to work with stakeholders to move forward with software bill of materials (SBOM) requirements. This will help ensure that all companies in the supply chain providing the US government with software and services are sufficiently protected against cyber-attacks reducing gaps in scale and implementation.

Pillar 4: Investing in a Resilient Future

Among the initiatives under this pillar is for the National Institute of Standards and Technology (NIST) to complete the standardization of one or more quantum-resistant public key cryptographic algorithms. In 2022, the NIST selected the first-ever group of encryption tools that could potentially withstand the attack of a quantum computer. They’ll become part of NIST’s post-quantum cryptographic (PQC) standard.

Pillar 5: Forging International Partnerships to Pursue Shared Goals

Initiatives under this pillar include the Department of State publishing an International Cyberspace and Digital Policy Strategy that incorporates bilateral and multilateral activities.

A Sixth Section

The NCSIP adds a sixth section not contained in the original strategy — Implementation-wide Initiatives. The two initiatives in this section call for reporting on strategy implementation progress, applying lessons learned from implementing the strategy, and ensuring federal budgetary guidance aligns with the strategy’s implementation. The funding aspect is particularly critical to executing the objectives.

Where the Plan Stands and What’s Missing

Some initiatives, such as the release of the Administration’s Cybersecurity Priorities for the Fiscal Year 2025 Budget, have been completed ahead of schedule. Other activities, such as transmitting the May 26th Department of Defense 2023 Cyber Strategy to Congress, and the June 20th creation of a new National Security Cyber Section by the Justice Department, are key milestones in completing initiatives.

One thing missing from the NCSIP, however, is the topic of cloud security. With the ubiquitousness of the cloud and the many attack vectors it includes, it’s increasingly important to make cloud security a priority at the public, private and government levels. It’s hoped that future iterations of the plan address this.

Your Cybersecurity Strategy

The release of the NCSIP serves as a strong reminder that all organizations need to implement a comprehensive, constantly reviewed, and updated cybersecurity plan. Self-administered or third-party IT security assessments can help identify gaps and needs.

US Signal’s IT security professionals are available to assess and help strengthen your organization’s security posture. Learn about some of our services here. Or contact us for consultation. Phone: (888) 663-1700 or email: [email protected].