The NCSIP “is a big step toward establishing how the U.S. intends to approach the resources, responsibilities and requisites for effective nationwide cybersecurity moving forward,” says Todd Moore, vice president of encryption products at Thales Group.
Within the five pillars, “we’re seeing a strong focus on defending critical infrastructure, disrupting cybercriminals, shaping market forces to drive security and resilience, investing in a secure future, and forging international partnerships to elevate the global security ecosystem,” Moore says.
In calling for closer coordination between government and the private sector, the plan “signals accountability for not only federal agencies but also industry doing business with agencies,” says Alice Fakir, lead partner for federal security services at IBM. “That accountability translates into the agency’s ability to better define scope of delivery and engagement with its industry partners.”
Security Audits and Public-Private Partnerships Are a Start
While the NCSIP isn’t a blueprint for agencies, they can still take a few steps to get moving, Moore says. For starters, agencies can run security audits to evaluate the effectiveness of their existing cyber measures and resources.
“Once they have their baseline, they can work out how to be compliant with the NCSIP and establish new regulations and initiatives to combat threat actors,” Moore says.
Agencies can also look to public-private collaborations to drive these efforts forward, internally and externally.
“Agencies should focus on relationship building within the sectors they regulate,” Moore says.
He points to the recent example of the Federal Energy Regulatory Commission, which incentivized cyber regulations for utility companies by permitting them to charge higher rates until they recoup their investments in the regulations.