The US National Cybersecurity Strategy, unveiled in March 2023, marks a significant shift in the government’s approach to combating cyber threats. This strategy has not only emphasized the importance of collaborating with international allies but has also highlighted the need for a reorganization of responsibilities and resources in the cybersecurity realm.
During CRESTCon Europe in London on May 18, 2023, Andy Williams, CEO of Global Transatlantic Ltd and co-founder of the Transatlantic Cybersecurity Business Network (TCBN), shared key insights from the strategy. He emphasized two crucial changes that the US government aims to implement:
1. Shifting the burden of cybersecurity from individuals, small businesses, and local governments to specialized organizations focused on combating cyber incidents.
2. Realigning incentives to encourage long-term investments in cybersecurity.
In line with these objectives, the US government has recognized the importance of engaging in international initiatives. Williams highlighted the Counter Ransomware Initiative (CRI) as a prime example of this collaborative approach. Launched in November 2022, the CRI involves 36 countries, including the Five Eyes alliance (US, UK, Canada, Australia, New Zealand) and the 27 EU member-states, among others.
The CRI encompasses various initiatives, such as the International Counter Ransomware Task Force (ICRTF) led by Australia, task forces dedicated to combating financial cyber-crime led by the UK and Singapore, a shared investigation toolkit, joint advisories, capacity-building tools, and bi-annual counter-ransomware exercises.
Williams noted the significance of seeing countries like Australia and Singapore taking lead roles within a US-backed initiative, signaling a shift towards more collaborative international efforts in cybersecurity. This shift is attributed to new leaders in the US cybersecurity community and President Joe Biden’s commitment to broader initiatives like the CRI.
The success of the CRI was evident in the January 2023 dismantling of the Hive ransomware group by US law enforcement, showcasing the impact of international cooperation in combating cyber threats. Additionally, initiatives like the post-quantum competition by the US National Institute of Standards and Technology (NIST) and the Digital Security by Design (DSbD) project, funded by the US and UK, demonstrate a growing trend towards global collaboration in cybersecurity efforts.
Overall, the US National Cybersecurity Strategy reflects a strategic shift towards international partnerships and a redefined approach to cybersecurity, emphasizing collaboration, resource reallocation, and long-term investments to address evolving cyber threats effectively.