The US National Cybersecurity Strategy, introduced in March 2023, marks a significant shift in the government’s approach to combating cyber threats. This new strategy emphasizes collaboration with international allies to strengthen cybersecurity efforts. Andy Williams, CEO of Global Transatlantic Ltd and co-founder of the Transatlantic Cybersecurity Business Network (TCBN), highlighted key insights from the strategy at CRESTCon Europe in London on May 18, 2023.
According to Williams, the US government recognized the need for two fundamental changes in cybersecurity allocation:
1. Shifting the responsibility of cybersecurity from individuals, small businesses, and local governments to specialized organizations.
2. Encouraging long-term investments in cybersecurity by realigning incentives.
In line with these objectives, the US government acknowledged the importance of engaging in international initiatives. For the first time, there is a genuine intent to collaborate with allies on a global scale, as stated in the strategy document.
One prominent example of this international collaboration is the Counter Ransomware Initiative (CRI), a multinational effort launched in November 2022 involving 36 countries, including the Five Eyes alliance and several EU member states. The CRI aims to combat ransomware through initiatives such as the International Counter Ransomware Task Force (ICRTF) led by Australia, task forces dedicated to fighting financial cyber-crime, shared investigation toolkits, joint advisories, capacity-building tools, and bi-annual exercises.
Williams noted that it is intriguing to see countries like Australia and Singapore leading task forces within the CRI, a traditionally US-led initiative. This shift in leadership highlights the evolving landscape of international cybersecurity cooperation.
The decision to engage in such international initiatives can be attributed to new leadership within the US cybersecurity community. President Joe Biden hinted at broader initiatives like the CRI in his Executive Order on Improving the Nation’s Cybersecurity in May 2021. The success of the CRI was evident in the January 2023 dismantling of the Hive ransomware group by US law enforcement.
Furthermore, initiatives like the post-quantum competition by the US National Institute of Standards and Technology (NIST) and the Digital Security by Design (DSbD) project, funded by the US and UK, demonstrate a shift towards global collaboration in cybersecurity efforts.
In conclusion, the US National Cybersecurity Strategy underscores the importance of international cooperation in combating cyber threats. By working closely with allies and engaging in multinational initiatives, the US government aims to enhance its cybersecurity capabilities and protect against evolving cyber threats on a global scale.