Last week, the Biden Administration released its National Cybersecurity Strategy 2023, which details a comprehensive approach with strategic objectives to ensure a better and more secure U.S. cyberspace and digital ecosystem. The strategy references standards developing organizations (SDOs) and highlights leveraging standards to support technologies that are more secure and resilient.
The U.S. Department of State notes that the U.S. faces “a complex threat environment, with state and non-state actors developing and executing novel campaigns to threaten our interests.” To that end, next-generation technologies are reaching maturity at an accelerating pace, creating new pathways for innovation, as well as increasing digital interdependencies.
The strategy sets out a path to address these threats and secure the promise of the digital future.
To support the strategy’s Strategic Objective 1.1, “Establish Cybersecurity Requirements to Support National Security and Public Safety,” the document notes that regulations should be performance-based; leverage existing cybersecurity frameworks, voluntary consensus standards, and guidance—including the Cybersecurity and Infrastructure Security Agency (CISA)’s Cybersecurity Performance Goals and the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity; and be agile enough to adapt as adversaries increase their capabilities and change their tactics.
Furthermore, the strategy asserts that by leveraging existing international standards in a manner consistent with current policy and law, regulatory agencies can minimize the burden of unique requirements and reduce the need for regulatory harmonization.
To support Strategic Objective 4.1, “Secure the Technical Foundation of the Internet,” the strategy notes that “preserving and extending the open, free, global, interoperable, reliable and secure Internet requires sustained engagement in standards development processes to instill our values and ensure that technical standards produce technologies that are more secure and resilient.”
Additionally, the strategy also asserts that the Indo-Pacific Economic Framework for Prosperity (IPEF) and the Americas Partnership for Economic Prosperity (APEP) create opportunities for the U.S. and regional governments to collaborate in setting “rules of the road” for the digital economy, including facilitating the development of technical standards, mechanisms to enable cross-border data flows that protect privacy while avoiding strict data localization requirements, and actions to foster supply chain
security and resilience.
“ANSI is pleased to facilitate the development of balanced, consensus-based standards that support secure and resilient technologies,” said Joe Bhatia, ANSI president and CEO. “ANSI applauds the administration in promulgating the benefits of standards in the National Cybersecurity Strategy, making clear that standards are a pathway towards a more secure cyberspace here in the U.S. and around the world.”
Access more details and standards references in the National Cybersecurity Strategy.