In March 2023, the White House released the long-anticipated National Cybersecurity Strategy, a five-pillar plan that lays out roughly a decade of work to strengthen the country’s cybersecurity posture. It sits under the wider National Security Strategy and acknowledges that the nation is at a crucial juncture: critical infrastructure is under threat, too much of the burden of defense falls on end users and small businesses, and the risks posed by Russia, China, Iran and North Korea continue to grow and change.
The first pillar is devoted to defending critical infrastructure, on the premise that the systems and assets making up the nation’s 16 critical infrastructure sectors are vital to national security, public safety and economic prosperity. With the administration’s backing, those sectors are now expected to build modern cybersecurity programs that deliver resilience as well as protection, which makes choosing tools that help them meet the strategy’s expectations more important than ever.
What the strategy means for critical infrastructure
Defending critical infrastructure was top of mind well before the strategy was announced: the Colonial Pipeline ransomware attack and a series of attacks on water treatment facilities keep reinforcing the need for better protection and resilience against state-sponsored actors and individual attackers alike. Through the strategy, the White House is calling for new regulation of critical infrastructure, and specifically for regulatory frameworks tailored to each sector.
Sector-specific frameworks are a sound idea: a one-size-fits-all standard cannot capture the guidance and controls that matter most in a given sector. But a great deal of work remains in defining the sectors and the frameworks, winning buy-in from each industry, and spelling out not just how the frameworks are implemented but how compliance will be measured and enforced. That last point is critical, because a framework with no enforcement is entirely voluntary and runs contrary to the strategy’s goal of rebalancing responsibility for defending cyberspace. As an industry we have seen that building a standard, especially a collaborative one, is extremely time-consuming, and there is always a risk that it is watered down during development and refinement until it lacks the teeth to drive change.
An interesting element of the first pillar, under the objective “Scale Public-Private Collaboration,” is continued investment not only in multi-directional information sharing but also in security orchestration tools. This is not the first time the current administration has pointed to security orchestration as a way to meet ongoing cybersecurity challenges. In its first year, in the wake of the SolarWinds breach, the Office of Management and Budget issued M-21-31, which called for security orchestration, automation and response (SOAR) capabilities, and the federal zero trust strategy (M-22-09) that followed treated SOAR solutions as a practical necessity for agencies grappling with mounting threats.
Why security automation?
Security automation as a remedy for cybersecurity pain points is not a new idea, but it is squarely in the spotlight now. Why does it keep appearing in the current administration’s executive orders and strategies? According to the strategy, SOAR lets critical infrastructure organizations share information in real time, multi-directionally and in actionable form, so that threat response can happen at machine speed. Without automation there is simply no feasible way for critical infrastructure operators, federal agencies or large private-sector enterprises to keep up with a growing volume of alerts, disconnected tools and complex processes while also facing a talent shortage.
As threats to critical infrastructure evolve, these organizations need solutions that are easy to navigate and let anyone in the organization contribute their knowledge and expertise to its defense. Low-code security automation is a crucial component in accelerating SOAR adoption, and in turn makes it easier to comply with mandates and new strategies. With low-code automation, security teams can quickly build playbooks that take in real-time alert data, enrich it with context such as threat intelligence and asset information, and act on the result according to rules the team defines. Platforms built on low-code are also designed so that anyone from a junior security analyst to a line-of-business leader can take part in building those workflows.
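To make the enrich-then-act pattern concrete, here is a minimal triage playbook written for this article as an added illustration. It is not Swimlane’s product code and not anything prescribed by the strategy; the threat-intelligence table, allowlist, thresholds, alert fields and action names are all assumptions chosen for the example, and the sample alerts and indicators are constructed (documentation address ranges, not real indicators). The one design point worth noticing is the guardrail: automation blocks only external sources it is confident about, and hands internal hosts and allowlisted scanners to a human instead, because a bad automatic isolation of a plant host is itself an outage.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed threat-intel feed and allowlist for this illustration only (documentation
# ranges, not real indicators). A real playbook would query a TIP or CMDB here.
THREAT_INTEL = {
    "198.51.100.23": {"score": 90, "tags": ["c2"]},
    "203.0.113.7":   {"score": 40, "tags": ["scanner"]},
    "10.0.0.5":      {"score": 95, "tags": ["beacon"]},
}
ALLOWLIST = {"192.0.2.10"}  # e.g. the organisation's own authorised vulnerability scanner
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

BLOCK_THRESHOLD = 80     # assumed confidence above which an external source may be auto-blocked
ESCALATE_THRESHOLD = 30  # assumed confidence above which an analyst should at least look


@dataclass
class Alert:
    alert_id: str
    src_ip: str
    asset: str
    asset_criticality: str                     # "high" or "low"
    enrichment: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # every playbook step, kept for the analyst


def enrich(alert: Alert) -> Alert:
    """Step 1: attach the context a raw alert lacks."""
    ip = ipaddress.ip_address(alert.src_ip)
    intel = THREAT_INTEL.get(alert.src_ip, {"score": 0, "tags": []})
    alert.enrichment = {
        "intel_score": intel["score"],
        "tags": list(intel["tags"]),
        "allowlisted": alert.src_ip in ALLOWLIST,
        "internal": any(ip in net for net in INTERNAL_NETS),
    }
    alert.audit.append(f"enriched: {alert.enrichment}")
    return alert


def decide(alert: Alert) -> str:
    """Step 2: pick an action. Automation never blocks allowlisted or internal hosts on
    its own; those go to a human, since a bad auto-isolation can itself cause an outage."""
    e = alert.enrichment
    if e["allowlisted"]:
        action = "close"
    elif e["intel_score"] >= BLOCK_THRESHOLD:
        if e["internal"]:
            action = "escalate_for_approval"
        elif alert.asset_criticality == "high":
            action = "block_and_escalate"
        else:
            action = "block"
    elif e["intel_score"] >= ESCALATE_THRESHOLD:
        action = "escalate"
    else:
        action = "close"
    alert.audit.append(f"decided: {action}")
    return action


def run_playbook(alerts):
    """Run both steps over a batch and return {alert_id: action}."""
    return {a.alert_id: decide(enrich(a)) for a in alerts}


# Constructed sample alerts, shaped roughly as an IDS or SIEM might emit them.
SAMPLE_ALERTS = [
    Alert("A1", "198.51.100.23", "plc-gateway-01", "high"),
    Alert("A2", "203.0.113.7", "web-kiosk-03", "low"),
    Alert("A3", "192.0.2.10", "plc-gateway-01", "high"),
    Alert("A4", "10.0.0.5", "hmi-workstation-07", "low"),
    Alert("A5", "198.51.100.99", "web-kiosk-03", "low"),
]

if __name__ == "__main__":
    for alert_id, action in run_playbook(SAMPLE_ALERTS).items():
        print(alert_id, action)
```

Run as-is it prints one decision per sample alert; the per-alert audit list is what a SOAR platform would surface to the analyst so that every automated decision can be reviewed and, if the thresholds prove wrong, tuned.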
Preparing for what lies ahead
The National Cybersecurity Strategy outlines strong high-level concepts for modernizing the federal government’s approach to cybersecurity and recognizes that the public and private sectors must collaborate. How quickly and effectively those ideas can be implemented remains uncertain, especially since an administration lasts at most eight years and the leadership changes that come with each transition are unavoidable. Tangible progress in cybersecurity requires not only a sound strategy but also tools flexible enough to support defenders against both the threats organizations face today and those still evolving.
Cody Cornell is co-founder and chief strategy officer of Swimlane.