SHARED INTEL: The expected impacts of Pres. Biden’s imminent National Cybersecurity Strategy

By Shannon Flynn

The United States will soon get some long-awaited cybersecurity updates.

Related: Spies use Tik Tok, balloons

That’s because the Biden administration will issue the National Cyber Strategy within days. Despite lacking an official published document, some industry professionals have already seen a draft copy of the strategic plan and weighed in with their thoughts. Here’s a look at some broad themes to expect and how they will impact businesses:

•New vendor responsibilities.  Increased federal regulation puts more responsibility on hardware and software vendors compared to the customers who ultimately use their products.

Until now, people have primarily relied on market forces rather than regulatory authority. However, that approach often leads to bug-filled software because makers prioritize new product releases over ensuring they’re sufficiently secure.

These changes mean business representatives may see more marketing materials angled toward what hardware and software producers do to align with the new regulations. Product labeling may also become easier to understand, acting somewhat like food nutrition labels, except centered on security principles.

Coverage of the strategic security program from people with firsthand knowledge of the draft document suggests congressional action or executive authority will regulate how all critical sectors handle cybersecurity. It’s still unclear what that looks like in practice, but it certainly signifies a major change.

•Expanded cybersecurity budgets. Statistics suggest almost 50 percent of employees have never received cybersecurity training. It’s also easy to find research elsewhere highlighting how workers frequently make errors that might seem meaningless but ultimately expose files or corporate networks to cyberattacks and other risks.

The heightened awareness as more people became aware of the Biden administration’s plan helped spur a change that caused elevated stock market activity for several cybersecurity companies. This may have happened because people at more companies recognized the need for such products. After all, cybersecurity awareness training for employees is vital, but it can only go so far. Businesses must also invest in specialized tools for network monitoring and security.

However, those familiar with the content of the strategic cybersecurity program say not to expect uniform standards to apply across industries. Previous U.S. presidents have tried that without getting the desired effects. That means it’s best to wait and see Biden’s intentions before increasing cyber investments.

•Critical infrastructure revisions. Analysts also believe part of Biden’s strategy for cybersecurity will rewrite a policy from President Obama’s era that provides stipulations for keeping essential infrastructure secure. It may also include details about which types of companies fall into that category. If so, entities like cloud providers might need to take additional steps to maintain security. The same would likely be true for utility, telecommunications and transportation businesses.


However, it’ll take a while to implement even once the Biden administration’s plan is officially published. That gives all affected companies time to make any necessary adjustments, regardless of whether they’re categorized as critical infrastructure providers.

People working at businesses highly likely to need stronger cybersecurity under the new strategy should consider consulting with cybersecurity experts. Those parties can advise them about where gaps remain and how the business is already doing well by following best practices for security.

Big changes lie ahead for U.S. cybersecurity policies and practices. The previewed content of cybersecurity plans from the Biden administration indicates people should expect significant shifts from what past leaders have tried. However, even once the details of this cybersecurity strategic plan are publicized, it’ll take a while before whatever’s different is widely adopted. Business leaders should be ready to act but refrain from making any relevant decisions before getting the details straight from the source.

About the essayist: Shannon Flynn is managing editor of ReHack Magazine. She writes about IoT, biztech, cybersecurity, cryptocurrency & blockchain, and trending news.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone