1. Securing Critical Infrastructure
The Strategy recognizes a shared responsibility between the private sector and the Federal Government to secure the Nation’s critical infrastructure. The Administration will work with the private sector to mitigate vulnerabilities in the following priority areas identified as having the highest national risk: National Security, Energy and Power, Banking and Finance, Health and Safety, Communications, Information Technology, and Transportation.
The Strategy commits to leveraging information and communications technology providers as cybersecurity enablers due to their unique position to detect, prevent, and mitigate risk before it impacts their customers. The Government will, therefore, invest in this critical infrastructure, share classified threat and vulnerability information with cleared operators, and convene stakeholders to devise cross-sector solutions to challenges.
Transportation and maritime cybersecurity improvements are also identified as vital to economic and national security. Enhanced mechanisms for international coordination and information sharing and the development of next-generation maritime infrastructure will be promoted to assure the uninterrupted transport of goods in the face of cyber threats.
2. Improving Incident Reporting and Combating Cybercrime
The Strategy encourages the reporting of intrusions and theft of data, especially by critical infrastructure partners. The Administration will work with Congress to modernize electronic surveillance and computer crime laws to enhance evidence-gathering abilities. Law enforcement will work with private industry to confront technological barriers, such as anonymization and encryption, to obtain time-sensitive evidence.
3. Promoting American Prosperity by Developing a Superior Cybersecurity Workforce and Promoting American Innovation in Cybersecurity
The Government will support and protect cutting-edge technologies and reduce U.S. companies’ barriers to market entry. The Strategy identifies support for technologies such as artificial intelligence, quantum information science, and next-generation telecommunication infrastructure. The review of Federal Communications Commission referrals for telecommunications licenses will also be formalized and streamlined to ensure the security and availability of telecommunications networks.
A superior cybersecurity workforce is sought through the use of merit-based immigration reforms, expanded educational opportunities, and the use of executive authority to highlight and reward cybersecurity educators and professionals.
4. Expanding Consequences for Irresponsible Behavior that Harms the United States and its Partners
The Strategy states that all instruments of national power, including kinetic and cyber military action, are now available to prevent, respond to, and deter malicious cyber activity.
5. Promoting a Multi-Stakeholder Model of Internet Governance and an Open, Interoperable, Reliable, and Secure Internet
The U.S. will promote a model of Internet governance that is characterized by transparent, bottom-up, consensus-driven processes that enable governments, the private sector, civil society, academia, and the technical community to participate.
To strengthen U.S. industry’s competitive position in the global digital economy, the U.S. will support and invest in communications infrastructure and Internet connectivity that is open, interoperable, reliable, and secure.