National Cybersecurity Strategy 2023: A Comprehensive Review of Its Pillars
The advent of the digital age has brought immense benefits to humanity in all sectors of life. However, the digitization of essential services also streamlined the potential for cyber-attacks, resulting in the inevitable need for cybersecurity measures. In response to this necessity, the White House recently released the National Cybersecurity Strategy 2023, a comprehensive framework for enhancing cybersecurity measures. The strategy's stance is based on five pillars aimed at defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships to pursue shared goals. In this blog post, we will review the National Cybersecurity Strategy 2023's pillars and explain how each can improve cybersecurity measures.
Pillar 1: Defend Critical Infrastructure
The first pillar, defend critical infrastructure, focuses on the security of the critical infrastructures that require cyber protection. It calls for collaboration between public-private sectors to establish cybersecurity requirements to protect critical infrastructure.
Pillar 2: Disrupt and Dismantle Threat Actors
The National Cybersecurity Strategy 2023 asserts that cyber-attacks are not only targeted at particular countries and their citizens but also extend to private businesses, international organizations and governments across the globe. The strategy proposes measures to identify, disrupt and dismantle threat actors by public-private operational collaboration and increase the speed and scale of intelligence sharing to defeat threats, adversaries, cybercrime and ransomware attacks.
Pillar 3: Shape Market Forces to Drive Security and Resilience
The third pillar is to shape market forces to drive security and resilience, with a focus on enhancing personal data security, IoT security and increasing accountability.
It is projected that there will be 25 billion+ IoT devices within the next 7 years, and protecting those devices from adversaries is very important for the nation’s cybersecurity strategy. Public Key Infrastructure (PKI) has been proven to be the most powerful solution for securing IoT devices.
Pillar 4: Invest in a Resilient Future
The fourth pillar is investing in a resilient future to ensure that cybersecurity measures keep up with evolving threats. Part of the National Cybersecurity Strategy 2023's investment is in the development of cryptography and blockchain technologies. The Post-Quantum Cryptography development initiative aims to create a foolproof system that can withstand the expected onslaught of advanced computing capabilities.
Did you know? HID PKI-as-a-Service (PKIaaS) is at the forefront of this evolution, protecting hundreds of customers globally with digital certificates whose lifecycles are completely automated. Long gone are the days of manually renewing each of your organizations’ certificates. It’s worth noting that HID’s innovations and excellence in global private TLS certificates has been recognized by the analyst firm, Frost & Sullivan.
Pillar 5: Forge International Partnerships to Pursue Shared Goals
The fifth and last pillar of the National Cybersecurity Strategy 2023 aims to promote international partnerships that can achieve shared goals. This means that collaboration between different countries will create better cybersecurity measures to benefit all. The focus will be on bilateral agreements and agreements on the global level.
What the National Cybersecurity Strategy Means for Public and Private Organizations
Cybersecurity has come of age, and with that, the prioritization of cybersecurity infrastructure is no longer a “nice to have,” but a “need to have.” As cyber-attacks have become increasingly sophisticated, a strong password is no longer enough to protect your organization’s data and networks. Passwords are becoming antiquated in favor of a Zero Trust and passwordless approach to cybersecurity.
Making the Case for Prioritizing PKI
PKI helps make the pillars outlined in the National Cybersecurity Strategy a reality as the gold standard for authenticating the users, devices, services and systems that connect to organizations’ networks. In addition to passwordless authentication for network access, PKI also enables the encryption of machine-to-machine communications within your network, regardless of where the members of your workforce are located geographically.
In headlines involving data breaches, it’s not uncommon for hackers to exploit vulnerabilities from something as simple as an expired security certificate that someone forgot to manually renew internally. With a solution like PKI-as-a-Service, hosted in the cloud and managed by external vendors such as HID, the manual process of renewing short-lived certificates is completely automated — removing human error from the certificate renewal process.
HID PKIaaS boosts agility and helps institutions respond to changing use cases and ever-evolving thread landscapes. To learn more about how some institutions are using PKI, grab a copy of our eBook, Cloud PKI Delivers Security at Scale. Here’s How >>
Mrugesh Chandarana is Product Management Director for Identity and Access Management Solutions at HID, where he focuses on IoT and PKI solutions. He has more than ten years of cybersecurity industry experience in areas such as risk management, threat and vulnerability management, application security and PKI. He has held product management positions at RiskSense, WhiteHat Security (acquired by NTT Security), and RiskVision (acquired by Resolver, Inc.).