National Cyber Director Sean Cairncross on Tuesday outlined six core pillars of the forthcoming national cybersecurity strategy, signaling a streamlined approach aimed at better aligning cyber policy and resources across the federal government.
Speaking at ITI’s “The Intersect” summit in Washington, D.C., Cairncross said the strategy will be a “short, to-the-point document” designed to focus agencies on outcomes rather than process. He said the strategy will be released “sooner rather than later.”
The first pillar, Cairncross said, centers on shaping adversary behavior by reducing the incentives for malicious cyber activity.
“Shaping adversary behavior is the first [pillar]. It’s an important piece of this puzzle for us,” he said, explaining that the goal is to “dent the incentive” for adversaries to engage in cybercrime.
A second pillar focuses on the regulatory environment, with an emphasis on improving coordination with industry across multiple sectors.
The remaining pillars include securing and modernizing the federal government, securing critical infrastructure, maintaining U.S. dominance in emerging technologies, and closing cybersecurity skills and workforce gaps.
“In each of those different pillars, we have various lines of effort, many of which are underway right now,” Cairncross said, adding, “What we are concerned with – and what President Trump is always concerned with – is action and results.”
Cairncross said the strategy’s success will depend heavily on coordination across agencies and with the private sector. He noted that the White House Office of the National Cyber Director (ONCD) is working closely with other federal agencies and industry stakeholders as the strategy is finalized.
He also pointed to parallel work underway with the White House Office of Science and Technology Policy on a separate policy framework focused on artificial intelligence (AI) security.
“We’re working on an AI security policy framework right now,” Cairncross said. “Our goal is, as we move forward, and the president is very forward leaning on the innovation side of AI, we are working to ensure that security is not viewed as a friction point for innovation, but it is built into that system.”
Cairncross said that the AI framework aligns directly with the emerging technologies pillar of the forthcoming cyber strategy.
At the same time, he emphasized that industry feedback will play a critical role in shaping both efforts.
“Our office needs help. We need input from you. I can’t make this up on my own. You know your regulatory scheme better than I do,” Cairncross said. “It is helpful for us to hear that and have that feedback so that we can address it, engage it, and try to make it better – which we will do.”