The National Cybersecurity Strategy proposed a different tact to protecting the country’s critical infrastructure, shifting the responsibility from end users to organization supplying systems while also creating incentives for those organizations to produce resilient systems.
And now there is an implementation plan that details how this administration is going to meet the goals laid out in the March-released plan with “65 high-impact initiatives requiring executive visibility and interagency coordination.” This is a more detailed implementation plan than any previous Administration has offered and provides a good deal more information on how the government is working toward the goals of the strategy.
For each of the initiatives there is a brief description, reference, and responsible agency. The initiatives range from regulatory harmonization, setting requirements for critical infrastructure, increasing the speed and scale of intelligence sharing and victim notifications, exploring a federal cyber insurance backstop, reinvigorating federal cybersecurity research, and strengthening cyber capacity with international partners. The implementation plan will be updated every year.
It is an ambitious plan and not without its share of challenges. Progress has already been made but that has been met with opposition. The Environment Protection Agency already issued new cybersecurity regulations for the water sector which has not exactly been met with open arms by everyone. The administration needs to help stakeholders find the resources to help these critical infrastructure agencies make the necessary updates.
Regulatory harmonization is another area that bears watching. Too often organizations are burdened with multiple audits that have overlapping requirements with different regulations. Simplifying regulations so if a requirement is met for one reg it can also be checked off for another would free up understaffed cybersecurity offices to focus on other areas.
Two other areas that bear watching is around software liability and Software Bill of Materials (SBOM). The Office of the National Cyber Director (ONCD) will be looking at approaches for a software liability framework and CISA will be leading the initiative on SBOM.
Overall, the implementation plan is impressive in its scope and detail. The Center looks forward to working with ONCD and the other responsible agencies to help implement the strategy.
Read Next
Cairncross Outlines ONCD Priorities Under Second Trump Administration
National Cyber Director Sean Cairncross laid out his and the Trump Administration’s vision for the future of the Office of the National Cyber Director (ONCD) during remarks at the 2025 Meridian Summit in Washington DC.
Meeting the Homeland Drone Threat: A Table-Top Exercise Exposes the Gaps in Authorities and Resources
A tabletop exercise explored the threat posed by the malicious use of drones to the homeland, involving public and private sector participants responding to hypothetical attacks on an air base, electricity grid, and a local hockey game.
FedRAMP Unveils Next Phase of Modernization
ADI and FedRAMP hosted an event unveiling FedRAMP 20x Phase II, which discussed accelerating and automating cloud service authorization for federal use and cutting down time, effort, and paperwork in favor of efficiency, trust, and cybersecurity.
