White House issues Version 2 of the National Cybersecurity Plan

RICHARD WEINER
Technology for Lawyers
Published: August 2, 2024

The White House has issued a tightened-up rewrite of the National Cybersecurity Plan while I was away on vacation in Italy.
The plan now centers around five “high impact” points, designed to improve the country’s data security and resilience. Here are the five “pillars” in the new version:
One: Defend Critical Infrastructure.
This has long been a priority for the administration and for virtually everyone who writes on the topic of cybersecurity. Included here are increasing security in the public health sector, which has been plagued by ransomware lately. The plan wants this sector to provide specific cybersecurity performance goals. Also included here are the establishment of an Education Facilities Sub-Sector Government Coordinating Council and dealing with the extremely important water and wastewater cybersecurity sector by utilizing best practices across the sector.
Two: Disrupt and Dismantle Threat Actors.
Create multi-jurisdictional teams, particularly to combat juvenile hackers. Actually, the gov’t has been doing pretty well here, particularly against the Russians and Chinese state actors.
Three: Shape Market Forces to Drive Security and Resilience.
This includes voluntary action to create more security for the Internet of Things (IoT: i.e. your smart refrigerator), and also R&D for cybersecurity labelling for energy products.
Four: Invest in a Resilient Future.
Resilience means both the ability to bounce back quickly after major hacks (unlike, say, the City of Akron recently), and also to bend the workforce to reflect the future. So this includes training a future cybersecurity workforce, increasing the diversity of that workforce, and expanding access to training in cybersecurity.
Five: Go International.
Forge international cybersecurity agreements. This would include setting international standards (from people who can’t set standards for money, time, electric plugs or international security measures). This pillar includes investment in developing standards-based networks through investments from the Pubhlic Wireless Supply Chain Innovation Fund (PWSCIF). The PWSCIF is a fund authorized by the 2021 National Defense Authorization Acct and funded by the Chips Act. If you’re not familiar (I was not).
Of course, these are all executive orders, so they have an uncertain political life.
Thanks to Covington & Burling LLP for the analysis, via Lexology.

[Back]

The Akron Legal News • 60 South Summit St. • Akron, Ohio 44308 • Phone: 330-376-0917 • Fax: 330-376-7001