Black Hat USA 2023: Learn All About the National Cybersecurity Strategy

At Black Hat USA 2023, Kemba Walden, the White House’s acting national cyber director, shares the nation’s plans for defending critical infrastructure and driving resilience.

LISTEN

Your browser doesn’t support HTML5 audio

"The first time I realized security is an integral part of communities, I was much younger,” said Acting National Cyber Director Kemba Walden during a keynote session at Black Hat USA 2023.

“It was much earlier in my career. Before I was a lawyer, before the White House. I was working in Georgia [in Eastern Europe] and would drive across the border to Abkhazia to do conflict resolution,” she said.

At that time, Walden’s work was about developing programs that would help resolve tensions in that region, which borders the Russian Federation in the north and Georgia's Samegrelo-Zemo Svaneti area in the east. “I realized that security is essential to how a society evolves, and is integral to how people live with a feeling of safety and do new things.”

And in her mission, she would ask people: “How do you want to live? What do you need to feel safe? It was a very mission-driven way of working,” she said.

For Walden, these fundamental questions are still essential to creating an effective security strategy. In her Q&A session with Jason Healey, senior research scholar at Columbia University's School for International and Public Affairs, she applied these lessons to core components of the White House’s national cybersecurity strategy, which includes policies to strengthen critical infrastructure, dismantle threat actors and partner with global allies.

Here’s what she shared about the national strategy:

Click the banner below to become an insider and gain exclusive insights after Black Hat USA 2023.

How the NCS Promises Change to the Digital Ecosystem

For the first time in history, Walden said, the national cybersecurity strategy is publicly available on the White House’s website, along with its benchmarks for success. “If we are going to hold bad actors accountable, then we need to be accountable,” she said.

Walden is hopeful this strategy will promote change in the digital ecosystem. It dramatically “reimagines the American cybersocial contract,” she said in a 2023 statement for Congress.

The strategy states that “robust collaboration, particularly between the public and private sectors, is essential to securing cyberspace.” It also redistributes the responsibility of cybersecurity back to the government and big tech companies instead of individual end users.

EXPLORE: Learn about CDW's threat management solutions for your organization.

The Biden administration invested $65 billion through the Bipartisan Infrastructure Law on this issue. “This is a sign that we are making real policy to defend our data,” said Walden.

“Creating cybersecurity policy isn’t sexy. But it’s a superpower. We are out here really connecting with you to drive policy changes in a meaningful way.”

And because “digital technologies today touch nearly every aspect of American life, cybersecurity translates directly now into all-around safety,” Walden said, referencing lines in the strategy.

Security is essential to how a society evolves, and is integral to how people live with a feeling of safety and do new things.”
Kemba Walden

Acting National Cyber Director, Executive Office of the President

5 Pillars of the National Cybersecurity Strategy

The national cybersecurity strategy emphasizes internet freedom and was constructed with long-term defense and cyber resilience in mind, says Walden.

“No one is anti-cybersecurity. Everyone wants their data to be safe, and this strategy outlines the steps we need to take to mitigate risk on a national and global scale.”

The strategy includes 27 objectives and comprises five core pillars:

  1. Defend Critical Infrastructure: This involves new cybersecurity requirements that hold major corporate and industrial companies accountable for implementing cybersecurity best practices.
  2. Disrupt and Dismantle Threat Actors: This series of diplomatic initiatives holds bad actors accountable for malicious behavior, and includes arrests, imposed sanctions and an executive order that prohibits surveillance technologies.
  3. Shape Market Forces to Drive Security and Resilience: “This holds the stewards of data accountable,” the strategy states, placing responsibility on large-scale organizations and corporations to shift the consequences from everyday users.
  4. Invest in a Resilient Future: This pillar involves folding cyber resilience into every innovation or next-generation technology used commercially to improve security.
  5. Forge International Partnerships in Pursuit of Shared Goals: In an effort to strengthen cyberspace laws, the U.S. will build coalitions among domestic and international groups to increase threat intelligence in the hopes of creating a free, secure internet.

At its core, the strategy aims to promote positive digital connectivity and discourage any kind of repression or coercion of everyday internet users.

$65 billion

The amount invested by the Biden administration to ensure that Americans have safe and reliable internet without cybersecurity hacks

Source: whitehouse.gov, “A Guidebook to the Bipartisan Infrastructure Law,” 2021

How to Build a Future of Cyber-Aware Citizens

These policies lay the groundwork. But Walden also said that cybersecurity, as it relates to a communal sense of well-being, must also be part of our educational system. “How do we make digital literacy the same as writing and math? We need to make sure we are teaching cybersecurity to our kids so that it is fully folded into the fabric of our society,” she said.

This extends to training and upskilling employees on cybersecurity requirements and best practices. “If people are informed, they feel more equipped to take on challenges, so rather than stipulate the risks — which we can never reduce to zero — let’s focus on the defenses.”

DISCOVER: Can CDW's cybersecurity solutions help you manage risks? 

Healey noted that people are craving that level of intel. “Pop culture is fascinated right now with hackers and their abilities. They’re the enemy next door, and we’re always asking ourselves, ‘How did they hack the system?’”

“Yes, exactly,” Walden agreed, “but the right education methods can transform that question to, ‘How do I protect the system?’ That’s the place we want to get to.”

To keep up with our coverage of Black Hat USA 2023, bookmark this page and follow us on X (formerly Twitter) at @BizTechMagazine or check out the official conference account,  @BlackHatEvents.