The White House’s cyber security coordinator is hoping the imminent release of the administration’s national cyber strategy will allow the federal government to take a more direct approach in rapidly eliminating vulnerabilities from network infrastructure.
A national cyber strategy is in the final stages of deliberation as the White House works to coordinate inter-agency policy suggestions into a cohesive plan, according to the administration’s cyber lead Rob Joyce.
“Now the important work of committing those policies together into a cohesive strategy is under way,” said Joyce at the Defense One Summit on Thursday.
Joyce did not offer a timeline for releasing the strategy, which is said to include outlines for offensive and defensive capabilities and how they may be used to respond to an act of cyber warfare, but said the administration was ironing out the final ten percent of policy details.
The strategy is an important step for civilian government to take a more directive approach to securing the resiliency of federal networks, according to Joyce.
The White House’s top cyber lead pointed to DHS’s recent issuance of a binding operational directive banning Kaspersky Lab software products from government computers (Defense Daily, Sept. 13) as an example of the ownership needed over federal networks.
“We ought to be able to do that at a rapid pace. We ought to be able to turn to elements in the civilian sector and have authoritative understanding of what’s on the network,” said Joyce.
The White House is also expected to release its updated inter-agency vulnerability assessment charter to the public soon, according to Joyce.
The charter, originally commissioned during the Obama administration, is intended to increase transparency on known flaws in federal networks and the work departments are conducting to eliminate threats.
“I would expect you’ll be hearing something, pretty shortly, in the next few weeks,” said Joyce.
Joyce believes the impending national cyber strategy will also begin to settle policy questions on defining acts of war in cyberspace, which he sees as threats against “the underpinnings our basic fabric of democracy.”
The conversation should focus on elements related to defensive cyber capabilities, possibly even more than offensive, when it comes to protecting critical infrastructure, according to Joyce.
“You’ve got to have the same level of rigor protecting dangerous things whether they’re in the physical world or the virtual world, and so the U.S. government gets that and is taking a lot steps towards ensuring that you can trust those capabilities to protect that,” said Joyce.