SIPA Scholars Contribute to President Biden’s New National Cybersecurity Strategy

Image

Last month the Biden-Harris administration released its National Cybersecurity Strategy, the country’s first comprehensive approach to addressing a broad range of cybersecurity issues. Ambitious in scope, the strategy draws from the core themes of two previous reports whose specific actions were inspired by research conducted by Columbia SIPA’s New York Cyber Task Force (NYCTF).

The first NYCTF report, released in 2017 and led by SIPA Professor Jason Healey, advanced the idea that cybersecurity will continue to languish until innovation is pushed by governments and companies in the private sector through leverage, granting the greatest advantage to the defender over attackers at the least cost and greatest scale.

“This is a guiding principle of the National Cybersecurity Strategy,” Healey notes, “which specifically calls for leverage to realign incentives to favor long-term cyber investments.”

The strategy also reflects the priorities of the NYCTF’s second report, published in 2020 and led by SIPA's Greg Rattray, which focuses more on operational collaboration. “We were happy to see the attention that operational collaboration received as a focus of the strategy,” said Rattray, who also co-founded the Cyber Defense Assistance Collaboration for Ukraine. “We’re hoping that the implementation plan can continue to build on the NYCTF work in establishing a national cyber response network that can truly enable the public and private sector to work ‘shoulder to shoulder’ as Chris Inglis, the inaugural national cyber director, so often put it.”

The National Cybersecurity Strategy is more evolutionary than revolutionary — which is a good thing.

— Erica Lonergan

Operational collaboration is a concept borrowed from the financial sector that moves beyond information-sharing models to establish active, side-by-side collaboration between the federal government and industry to improve cyber readiness, defense, and resilience.

Other notable elements of the strategy with input from the NYCTF include: Calling for regulations to improve cybersecurity at scale and shifting the burden of responsibility away from end-users; recognizing the necessity of operational collaboration across the public and private sectors; focusing on resilience while continuing to disrupt and dismantle cyber threats ; and highlighting the need for long-term investment in building U.S. cyber defenses and resilience.

"The National Cybersecurity Strategy is more evolutionary than revolutionary — which is a good thing,” said Erica Lonergan, who is executive director of SIPA's ongoing NYCTF, a former senior director for the U.S. Cyberspace Solarium Commission, and an incoming SIPA professor. “It is a clear effort to build on the progress of prior strategies and efforts, rather than entirely rewrite the manual.”

"It also implicitly acknowledges areas where the government has fallen short," she added, calling attention to operational collaboration and improved trust in the public-private partnership.