The five principles underpinning the new US administration’s vision to strengthen the nation’s cyber-resilience were outlined by the Department of Homeland Security (DHS) secretary Alejandro Mayorkas during a RSAC webcast.
Mayorkas began by emphasizing the need for the public and private sector to work closely together to defend against, and respond to, rising cyber-attacks. “The government does not have the capacity to achieve our nation’s cyber-resilience alone – so much of our critical infrastructure is in the private sector’s hands,” he pointed out.
Mayorkas also believes the SolarWinds attacks at the end of last year shows the need for the government to modernize its cybersecurity strategies. He noted: “It wasn’t until one of the world’s best cybersecurity company’s got hacked itself and alerted the government that we found out.”
With this in mind, Mayorkas set out the five principles that will guide the current Biden-Harris’ administration’s cybersecurity vision for the US.
1. Championing a free and secure cyberspace: Mayorkas said it is vital to understand the current geo-political trends, which include a regression in democratic ideals, that are impacting the digital space. “Far too often cybersecurity is used as pretext to infringe on civil liberties and human rights,” he commented. As a result, it is vital the US stands up and champions a free and secure cyberspace both “with words and actions.”
2. A focus on cyber-resilience as well as defense: Bold innovations, widescale investments and a raising of the bar for essential cyber-hygiene are all required to ensure the nation is fully cyber-resilient, according to Mayorkas. He added it is important to acknowledge that “no-one is immune from attacks, including federal government or our most advanced technology companies.” Therefore, having a prepared response to breaches is vital alongside preventative measures. Mayorkas also revealed the federal government is currently working on an executive order, focusing on improving its own cyber-resilience.
3. A risk-based approach, based on data: The government needs a fact-based framework to be fully aware of the risks both at home and abroad, enabling it to identify the biggest dangers and act accordingly. Mayorkas outlined that “a focus on a risk-based approach, determining what risks to prioritize and how to allocate limited resources, is crucial to maximizing the government’s impact.”
4. Shared responsibility: At the heart of the administration’s approach to cybersecurity is the principle of collaboration between the government and private sector. In particular, developing a relationship where information is distributed and shared rapidly to deal with threats. “We must strengthen collaboration between the private sector and government to generate the insights necessary to detect malicious cyber-actors,” stated Mayorkas.
5. Integrating diversity, equity and inclusion: Finally, Mayorkas emphasized the importance of facilitating equal access to professional development opportunities in cybersecurity, both to help fill the cyber-skills shortage and develop better policies. “Developing sound public policy requires diverse perspectives from communities that represent America. It requires the recruitment, development and retention of diverse talent,” explained Mayorkas.
He added that the Biden-Harris administration is determined to action these principles and modernize the US’ approach to cybersecurity during its tenure. “President Biden has made cybersecurity a top priority for his administration,” said Mayorkas.