The forthcoming cybersecurity strategy from the White House Office of the National Cyber Director (ONCD) will focus on imposing costs on adversaries and strengthening partnerships with industry, National Cyber Director Sean Cairncross said Tuesday.
Speaking at the Aspen Cyber Summit in Washington, Cairncross reiterated his previous public comments that the strategy will be a short document – not a 100-page strategy.
“We are working in very close partnership with our interagency colleagues to develop this strategy and get it out the door,” Cairncross said. “It’s going to be a short statement of intent and policy, and then it will be paired very quickly with action items and deliverables under that.”
“As a top-line matter, it’s going to be focused on shaping adversary behavior, introducing costs and consequences into this mix,” Cairncross said.
The United States has “not done a terrific job of sending a signal to our adversaries that this behavior is not consequence-free,” Cairncross said. He stressed the importance of making that sentiment clear to adversaries, especially as cyberthreats become more aggressive with the rise of artificial intelligence.
“We’re focused on … partnership with industry and streamlining the regulatory environment, and then working with industry so you all are aware of what the [U.S. government’s] priorities are, sector by sector, the things that we would like to see protected, and then working with you to free up those resources to protect those assets.”
“So, those are two of the pillars. There will be six of them total,” he announced.
Additionally, Cairncross said that ONCD is working on a workforce initiative to help close the cybersecurity workforce gap. With over half a million open cybersecurity jobs, he said there is a critical need to align industry, academic, vocational school, and venture capital incentives “to better the workforce for the country.”
“We are trying to put together an academy and a program, working with academic programs that exist,” Cairncross said. “To be clear, I’m not asking for new authority. I’m not going to dig up new money.”
“We are talking about aligning things that exist within the federal government right now, things that are already in play at institutions around the country, and uniting them under one strategy to seed incubators, teach people how that culture works, [and] have a service component to people who go through the program,” he said, adding, “We’re excited about it. And I think there’s a lot coming down the pike.”
As for a timeline for the coming strategy and deliverables, Cairncross said ONCD is “pressing to get things moving as quickly as we can.”
“We’re going to go in sequence. We’re going to roll out a strategy. We will roll out an action plan, and under that plan, there will be lines of effort under those pillars, and then we’ll start moving deliverables,” he said.
Currently, he said, ONCD is “socializing” the strategy and getting feedback and buy-in from interagency partners.
FBI Cyber Division Assistant Director Brett Leatherman said his agency has already seen the strategy and helped provide feedback to ONCD.
“Luckily for us, we have seen the entirety of that strategy in the FBI and across the interagency, and we’ve contributed to that strategy,” Leatherman said during a separate panel at the Aspen Cyber Summit.
Leatherman said the FBI wants to apply expertise from subject matter experts within different cyber disciplines to the strategy “in a way that makes it meaningful [and] actionable.”
In doing so, he said that after the release of the strategy, the FBI “can go down those lines of effort and really focus on each individual effort, whether it’s offensive-based work or defensive-based work.”
“I think having a strategy like that really does rally the interagency around certain lines of effort,” Leatherman said.