1、 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 1 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN MAY 2024 VERSION 2 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 2 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 3 Tabl�������e of Contents Introduction.4 Imp
2、lementation Plan Reading G�������uide.5 Roll-Up of Implementation Plan Initiatives.6 Pillar One:Defend Critical������ Infrastructure.14 Pillar Two:Disrupt and Dismantle Threat Actors.27 Pillar Three:Shape Market Forces to Drive Security and Resilience.36 Pillar Four:Invest in a Resilient Future.44 Pillar Five:Fo
3、rge International Partnerships to Pursue Shared Goals.56 Implementation-wide Initiatives.65 Acronyms Used.66 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 4 Introduct����ion President Bidens National Cybersecurity Strategy lays out a bold,affirmative vision for cyberspace to secure the f
4、ull benefits of a safe and secure digital ecosystem ������for all Americans.Achieving the vision set forth in th�������e Strategy involves two fundamental shifts in cyberspace:rebalancing the responsibility to defend cyberspace onto more capable actors;and realigning incentives to favor long-term investments in
5、cybersecurity and resilience.Implementing the National Cybersecurity Strategy(NCS)requires coordinated and collaborative action across the United States G����overnment and American society.The National Cybersecurity Strategy Implementation Plan(NCSIP)is a roadmap for this effort,leveraging tools of nati
6、onal power to protect our national security,public safety,and economic prosperity.The Office of the National Cyber Director(ONCD)coordinates this work and reports to the President and to Congre������ss on the status of implementation.This is the second iteration of the NCSIP,building upon the first versio
7、n released in July 2023.The NCSIP Version 2 describes 100 high-impact initiatives requiring executive visibility and interagency coordination that the Federal Government is pursuing to achieve the Strategys objectives.T�����hese initiatives carry over from,add to,and build upon the initiatives described
8、in the first NCSIP,and advance the nation closer toward the Strategic Objectives sought in the National Cybersecurity Strategy.As with the first version,each initiative is assign������ed to a responsible agency with a timeline for completion.ONCD will continue���� to work with the Office of Management and Bud
9、get(OMB)to ensure funding proposals in the Presidents Budget Request align with activities in the Implementation Plan.Close collaboration with the private sector;civil soc�����iety;state,local,Tribal,and territorial governments;international partners;and Congress remains essential.Agenc��������ies will continue
10、working with interested stakeholders to implement the initiatives of this Plan and build new partnerships where possible.The Administration will cont�����inue to seek Implementation Plan initiatives based on stakeholder feedback,completion of initiatives,and assessments of their effectiveness for future
11、versions of the Implementation Plan�������.Nothing in this plan shall be construed to impair or otherwise affect the implementation o������f new or existing law or presidential policy.NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 5 Implementation Plan Reading Guide The Implementation Plan is stru
12、ctured by pillar and strategic objective to align with the National Cybersecurity St��������rategy,which has five pillars and 27 strategic objectives.The fields presented for each initiative are:Pillar The Pillar under which the initiative falls.Strategic Objective The Strategic Objective associated with th
13、e initiative.Initiative Number A unique number associated with the �������specific initiative in the form of.Initiative Title The title of an action that will support the overall outcome of the Strategic Objective.Initiative Description An explanation of the�������� activities associated with the action.National C
14、ybersecurity Strategy(NCS)Reference The specific language from the Strategy tied to the initiative.Responsible Agency The Federal agency responsible for leading the initiative with other stakeholders.Responsible Agencies are responsible for coordinating with Contributing Entities under their initia�����t
15、ive and working with ONCD to r������esolve any differences.Contributing Entities Where applicable,Federal departments or agencies that have a significant role in t�����he development and execution of the initiative,including by contributing expertise or resources,engaging in complementary efforts,or coordinati
16、ng on elements of a program.This is not intended to be a comprehensive list of all agencies with equities in an initiative.Completion Date Est�����imated completion date by quarter within the United States Government fiscal year.New Initiatives:Initiatives set in blue boxes are new to NCSIP version 2.Car
17、ryover Initiatives:Initiatives set in gray boxes continue from NCSIP version 1.Completed Initiatives:Initiatives set in green boxes and italic���ized font are NCSIP version 1 initiatives with a completion date of 2Q FY24 or earlier.These are included in NCSIP version 2 to reflect the ongoing and contin
18、ued progress against each initiative and to show the whole-of-government efforts intended to meet their respective Strategic Objective in the N�������CS.NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 6 Roll-Up of Implementation Plan Initiatives Pillar One:Defend Critical Infrastructure 1.1 E
19、stablish Cybersecurity Requirem������ents to Support National Security and Public Safety 1.1.1 Establish an initiative on cyber regulatory harmonization 1.1.2 Set cybersecurity requirements across critical infrastructure sectors 1.1.3 Increase agency use of frameworks and international standards to inform
20、 regulatory alignment 1.1.4 Promote adoption of cybersecurity best practices across t������he healthcare and public health sector 1.1.5 Explore cybersecurity regulatory reciprocity pilot programs 1.2 Scale Public-Private Collaboration 1.2.1 Scale public-private partnershi������ps to drive development and adopti
21、on of secure-by-design and secure-by-default technology 1.2.2 Provide recommendations for the designation of critical infrastructure sectors and SRMAs 1.2.3 Evaluate how CISA can leverage existing reporting mechanisms or the potential creation of a single portal to���� integrate and operationalize SRMAs
22、 sector-specific systems and processe������s 1.2.4 Investigate opportunities for new and improved information sharing and collaboration platforms,processes,and mechanisms 1.2.5 Establish a National Coordinator Office 1.2.6 Establish a collaborative mechanism to coordinat�������e cybersecurity efforts and promote
23、 best practices across the education ������facilities sub-sector 1.2.7 Continue cybersecurity education and training through the U.S.Department of Agriculture(USDA)Rural Utilities Services(RUS),Rural Water Circuit Rider Program and EPAs technical assistance programs 1.2.8 Continue to promote the adoption
24、of cybersecurity best practices across the water and wastewater sector 1.3 Integrate Federal Cybersecurity Centers 1.3.�����1 Assess and improve Federal Cybersecurity Centers and related cyber centers capabilities and plans necessary for collaboration at speed and scale 1.3.2 Develop Federal Cybersecurit
25、y Centers and related cyber centers taxonomy 1.3.3 Increase Operational Collaboration within the Energy Sec������tor through the development of the Energy Threat and Analysis Center(ETAC)1.4 Update Federal Incident Response Plans and Processes 1.4.1 Update the National Cy�������ber Incident Response Plan(NCIRP)1
26、.4.2 Issue final Cyber Incident Reporting for Critical Infrastructure Act(CIRCIA)rule NATIONAL CYBERSECURITY STRATEGY IMPLEMEN�����TATION PLAN VERSION 2 7 1.4.3 Develop exercise scenarios to improve cyber incident response 1.4.4 Draft legislation to codify the Cyber Safety Review Board(CSRB)with the requ
27、ired authorities 1.4.5 Analyze response resources����� related to cyber incidents and events 1.5 Modernize Federal Defenses 1.5.1 Secure unclassified Federal Civilian Executive Branch(FCEB)systems 1.5.2 Modernize Federal Civilian Exe�����cutive Branch(FCEB)technology 1.5.3 Secure National Security Systems(NSS
28、)at Federal Civilian Executive Branch(FCEB)agencies 1.5.4 Promote and assess the expanded use of cybersecurity shared services across unclassified Federal systems 1.5.5 Promote cyber supply chain risk management(C-SCRM)and enc����ourage effective enterprise-wide sharing of supply chain risk information
29、NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 8 Pillar Two:Disrupt a�������nd Dismantle Threat Actors 2.1 Integrate Federal Disruption Activities 2.1.1 Publish an updated DoD������� Cyber Strategy 2.1.2 Strengthen the National Cyber Investigative Joint Task Force(NCIJTF)capacity 2.1.3 Expand organ
30、izational platforms dedicated to disruption campaigns 2.1.4 Propose legislation to disrupt and deter cybercrime and cyber-enabled crime 2.1.5 Increase speed�������� and scale of disruption operations 2.1.6 Implement the 2023 DoD Cyber Strategy 2.1.7 Prevent,deter,and disrupt cybercrime and cyber-enabled cri
31、me committed by juvenile offenders 2.2 Enhance Public-Private Operational Collaboration to Disrupt Adversaries 2.2.1 Identify mechanisms for increased a������dversarial disruption through public-private operational collaboration 2.2.2 Increase collaboration between private-sector entities and Federal agen
32、cies to disrupt malicious cyber activity 2.3 Increase the Speed and Scale of Intelligence Sharing and Victim Notification 2.3.1 Identify and operationalize sector-specific intellig��������ence needs and priorities 2.3.2 Remove barriers to delivering cyber threat intelligence and data to critical infrastruct
33、ure owners and operators 2.4 Prevent Abuse of U.S.-Based Infrastructure 2.4.1 Publish a Notice of Proposed Rulemakin������������g on requirements,standards,and procedures for Infrastructure-as-a-Service(IaaS)providers and resellers 2.5 Counter Cybercrime,Defeat Ransomware 2.5.1 Disincentivize safe havens for ra
34、nsomware criminals 2.5.2 Disrupt ransomware �����crimes 2.5.3 Investigate������� ransomware crimes and disrupt the ransomware ecosystem 2.5.4 Support private sector and state,local,Tribal,and territorial(SLTT)efforts to mitigate ransomware risk 2.5.5 Support other countries efforts to adopt and implement the gl
35、obal anti-money laundering/countering the financing of terrorism(AML/CFT)standards for virtual asset service providers������� 2.5.6 Implement the International Engagement Plan to Disincentivize Safe Havens for Ransomware Criminals 2.5.7 Disrupt ransomware crimes through joint operations NATIONAL CYBERSECUR
36、ITY STRATEGY IMPLEMENTATIO�������N PLAN VERSION 2 9 Pillar Three:Shape Market Forces to Drive Security and Resilience 3.1 Hold the Stewards of Our Data Accountable 3.1.1 Update the National Privacy Research Strategy 3.2 Drive the Development of Secure IoT Devices 3.2.1 Implement Federal Acqu�������isition Regulat
37、ion(FAR)requirements per the Internet of Things(IoT)Cybersecurity Improvement Act of 2020 3.2.2 Initiate a U.S.Government IoT security labeling program 3.2.3 Research and develop cybersecurity labeling criteria to develop the smart grid of the future 3.2.4 De�������velop a U.S.Government IoT security label
38、ing program 3.3 Shift Liability for Insecure Software Products and Services 3.3.1 Explore approaches to develop a long-term,flexible,and enduring software liability framework 3.3.2 Advance software bill of mate��������rials(SBOM)and mitigate the risk of unsupported software 3.3.3 Coordinated vulnerability d
39、isclosure 3.3.4 Assess the feasibility of approaches to understand open-source software security risk 3.3.5 Explore approaches to develop a long-term,flexible,and enduring softwar��������e liability framework 3.4 Use Federal Grants and Other Incentives to Build in Security 3.4.1 Leverage Federa�������l grants to i
40、mprove infras����tructure cybersecurity 3.4.2 Prioritize funding for cybersecurity research 3.4.3 Prioritize cybersecurity research,development,and demonstration on social,behavioral,and economic research in cybersecurity 3.5 Leverage Federal Procurement to Improve Accountability 3.5.1 Implement Federal
41、 Acquisition Regulation(FAR)changes required under Executive Order 14028 3.5.2 Leverage the False Claims Act to improve vendor cybersecurity 3.6 Explore a Federal Cyber Insurance Backstop 3.6.1 Assess the need for a������� Federal insurance response to a catastrophic cyber event NATIONAL CYBERSECURITY STRA
42、TEGY IMPLEMENTATION������� PLAN VERSION 2 10 Pillar Four:Invest in A Resilient Future 4.1 Secure the Technical Foundation of the Internet 4.1.1 Lead the adoption of network security best practices 4.1.2 Promote open-source software security and the adop�������tion of memory-safe programming languages 4.1.3 Accele
43、rate development,standardization,and adoption of foundational Internet infrastructure capabilities and technologies 4.1.4 Accelerate the development and standardization,and support the adoption,of foundational Internet infrastructure capabilities and technologies 4.1.5 Collaborate with key stakehol������d
44、ers to drive secure Internet routing 4.1.6 Implement the roadmap for the adoption of secure Internet routing techniques and technology 4.1.7 Promote secure and measurable software solutions across the building blo�����cks of cyberspace 4.1.8 Promote a more secure open-source software ecosystem 4.2 Reinvi
45、gorate Federal Research and Development for Cybersecurity 4.2.1 Accelerate maturity,adoption,and security of memory-safe programming languages 4.3 Prepare for Our Post-Quantum Future 4.3.1 Implement National Security Memorandum-10 4������.3.2 Implement NSM-10 for National Security Systems(NSS)4.3.3 Standa
46、rdize,and support transition to,post-quantum cryptographic algorith������ms 4.4 Secure Our Clean Energy Future 4.4.1 Drive adoption of cyber secure-by-design p�������rinciples by incorporating them into Federal projects 4.4.2 Develop a plan to ensure the digital ecosystem can support and deliver the U.S.Governme
47、������nts decarbonization goals 4.4.3 Build and refine training,tools,and support for engineers and technicians using cyber-informed enginee������ring principles 4.4.4 Implement a plan to promote a digital ecosystem that can support and deliver the U.S.Governments decarbonization goals 4.4.5 Drive the developme
48、nt and adoption of cybersecurity principles for electric distribution and distributed energy resources(DER)in partnership with energy sector stakeholders NATIONAL CYBERSECURITY STRATEGY IMPLEMENT�������ATION PLAN VERSION 2 11 4.5 Support Development of a Digital Identity Ecosystem 4.5.1 Advance research an
49、d guidance that supports innovation in the digital identity ecosystem through public and private collaboration 4.6 Develop a National Strategy to Strengthen Our Cyber Workforce 4.6.1 Publish a National Cyber Workforce and Education Strategy and track its implementation 4.6.2 Im��������plement and report on
50、th�����e National Cyber Workforce and Education Strategy 4.6.3 Promote skills-based hiring practices NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 12 Pillar Five:Forge International Partnerships to Pursue Shared Goals 5.1 Build Coalitions to Counter Threats to Our Digital Ecosystem 5.1.1
51、Create interagency teams for regional cyber collaborati�������on and coordination 5.1.2 Publish an International Cyberspace and Digital Policy Strategy 5.1.3 Strengthen Federal law enforcement collaboration mechanisms with allies and partners 5.1.4 Regional cyber hubs study 5.1.5 Implement the Internationa
52、l Cyberspace and Digital Policy Strategy 5.2 Strengthen International Partner Capacity 5.2.1 Strengthen international partners cyber capacity 5.2.2 Expand international partners cyber capacity through operational law enforcement colla�������bora��������tion 5.3 Expand U.S.Ability to Assist Allies and Partners 5.3.
53、1 Establish flexible foreign assistance mechanisms to provide cyber incident response support quickly 5.4 Build Coalitions to Reinforce Global N������orms of Responsible St������ate Behavior 5.4.1 Hold irresponsible states accountable when they fail to uphold their commitments 5.5 Secure Global Supply Chains fo
54、r Informa����tion,Communications,and Operational Technology Products and Se�������rvices 5.5.1 Promote the development of secure and trustworthy information and communication technology(ICT)networks and services 5.5.2 Promote a more diverse and resilient supply chain of trustworthy information and communicatio
55、n technology(ICT)vendors 5.5.3 Begin administering the Public Wire����less Supply Chain Innovation Fund(PWSCIF)5.5.4 Promulgate and amplify Cybersecurity Supply Chain Risk Management(C-SCRM)key practices across and within critical infrastructure sectors 5.5.5 Develop guidance for secure development and
56、manufacturing of semiconductors 5.5.6 Continue to award PWSCIF grants to support the development of open and interoperable wireless networks NATIONAL CYBERSECURITY STR������ATEGY IMPLEMENTATION PLAN VERSION 2 13 Implementation-Wide Initiatives 6.1 As������sessing Effectiveness 6.1.1 Report progress and effectiv
57、eness on implementing the Nationa�������l Cybersecu������rity Strategy 6.1.2 Apply lessons learned to the National Cybersecurity Strategy implementation 6.1.3 Align budgetary guidance with National Cybersecurity Strategy implementation NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 14 Pillar One:D
58、efend Critical Infrastructure Strategic Objective ���������1.1:Establish Cybersecurity Requirements to Support National Security a����nd Public Safety Initiative Number:1.1.1 Initiative Title:Establish an initiative on cyber regulatory harmonization Initiative Number:1.1.2 Initiative Title:Set cybersecurity requ
59、irements across critical infrastructure sectors Initiative Description Through the ongoing National Security Council(NSC)-led policymaking process,Sector Risk Management Agencies(SRMAs)and regulators will analyze the cyber risk in their industries and outline how����� they will use their existing authori
60、ties to establish cyber requirements that mitigate risk in their sector,account for sector-specific needs,identify gaps in authorities,and develop proposals to close them.NCS Reference The Federal Government will use existing authorities to set necessary cybersecurity requirements in critic����al sector
61、s.Where Federal departments and agencies have gaps in statutory ������authorities to implement minimum cybersecurity requirements the Administrati������on will work with Congress to close them.Responsible Agency:NSC Contributing Entities:SRMAs,ONCD Completion Date:2Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEME
62、NTATION PLAN VERSION 2 15 Initiativ������e Number:1.1.3 Initiative Title:Increa������se agency use of frameworks and international standards to inform regulatory alignment Initiative Description The National Institute of Standards and Technology(NIST)Cybersecurity Framework(CSF)is refined,improved,and evolves o
63、ver time.Updates help the performance-based Framework keep pace with technology and threat trends,integrate lessons learned,and move best practice to common practice.NIST is developing a signifi�������cant update to ������the Framework:CSF 2.0.NIST will issue the final CSF 2.0 and provide technical assistance on
64、 alignment of regulations with international standards and the NIST CSF,as requested by Federal agencies.NCS Reference Regulati�������ons ����should be performance-based,leverage existing cybersecurity frameworks,voluntary consensus standards,and guidance including the Cybersecurity and Infrastructure Security
65、 Agency(CISA)s Cybersecurity Performance Goals and the National Institute of Standards and Technology(NIST)Framework for Improving Crit�������ical Infrastructure Cybersecurity.Responsible Agency:NIST Contributing Entities:CISA,SRMAs Completion Date:1Q FY25 Initiative Number:1.1.4 Initiative Title:Promote a
66、doption of cybersecurity best practices across the healthcare and public health sector Initiative Description The Department of Health and Human Services(HHS),as part of its sector-specific risk management plan required under Nat�����ional Security Memorandum-22,will continue to underscore the adoption o
67、f cybersecurity best practices across the healthcare and public health sector by implementing an HHS-wide stra����tegy to support greater enforcement and accountability across the sector.NCS Reference The Federal Government will use existing authorities to set necessary cybersecurity requirements in cri
68、tical sectors.Where Federal departments and agencies have gaps in statutory authorities to implement minimum ������cybersecurity requirementsthe Administration will work with Congress to close them.Responsible Agency:HHS Contributing Entities:CISA Completion Date:1Q FY25 NATIONAL CYBERSECURITY STRATEGY IM
69、PLEMENTATION PLAN VERSION 2 16 Initiative Number:1.1.5 Initiative Title:Explore cybersecurity regulatory reciprocity pilot programs Initiati�����ve Description The Office of the National Cyber Director(ONCD),working with regulatory departments and agencies(including through the Cybersecurity Forum for In
70、dependent and Executive Branch Regulators)and building on findings from its regulatory harmonization request for information,will explore one or more regulatory harmonization and reciprocity pil����������ot programs to establish baseline cybersecurity requirements that model approaches to harmonization and re
71、ciprocity.NCS Reference ONCD,in coordination with the Office of Management and Budget(OMB),will lead the Administrations efforts on cybersecurity regulatory harmonization.The Cyber Incident Reporting Council will coordinate,deconflict,and har����������monize Federal incident reporting requirements.Responsible
72、 Agency:ON�������CD Contributing Entities:CISA,OMB Completion Date:2Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 17 Strategic Objective 1.2:Scale Public-Private Collaboration Initiative Number:1.�����2.1 Initiative Title:Scale public-private partnerships to drive development and adoption
73、 of secure-by-design and secure-by-default technology Initiative Description The Cybersecurity and Infrastructure Security Agency w������ill lead public-private partnerships with technology manufacturers,educators,non-profit organizations,academia,the o�������pen-source software community,and others to drive the
74、 development and adoption of software and hardware that is secure-by-design �������and secure-by-default.CISA,working with NIST,other federal agencies,including SRMAs,as appropriate,and the private sector will develop secure-by-design and secure-by-default principles and practices that first leverage exist
75、ing and relevant international,industry,and government standards and practices.CISA will identify barriers to adoption for such principles and best practices,and will work to���� drive collective action to adopt these principles across the private sector.In the case that gaps between secure-by-design an
76、d secure-by-default principles and existing standards and ��������practices are identified,CISA,NIST,NSF,and other federal agencies,including SRMAs,as appropriate,will lead open and transparent public-private partnerships to fill those gaps.NCS Reference The Federal Government will ������also deepen operational a
77、nd strategic collaboration with software,hardware,and managed service providers with the capability to reshape the cyber landscape in favor of greater security and resilience.Responsible Agency:CISA Contributing Entities:NIST,NSF,SRMAs Completion Date:4Q FY24 Initiativ���������e Number:1��������.2.2 Initiative Title
78、:Provide recommendations for the designation of critical infrastructure sectors and SRMAs NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 18 Initi�����ative Number:1.2.3 Initiative Title:Evaluate how CISA can leverage existing reporting mechanisms or the potential creation of a single porta
79、l to integrate and operationalize SRMAs sector-specific systems and processes Initiative Description The Cybersecurity and Infrastructure ��������Security Agency will work with SRMAs to understand where ga������ps exist in information sharing and understand requirements for an interoperable system for information
80、 exchange among SRMAs and ot������her federal partners.Where SRMAs do not have robust information sharing capabilities already in place,CISA will work with them to develop a process to mature their capabilities.NCS Reference In partnership with the private sector,CISA and SRMAs w����ill explore technical and
81、organizational mechanisms to enhance and evolve machine-to-machine sharing of data.Responsible Agency:CISA Contributing Entities:DOJ,FBI,NSA,SRMAs Completion Date:3Q FY24 Initiative Number:1.2.4 Initiative T�����itle:Investigate opportunities for new and improved information sharing and collabo����ration pla
82、tforms,processes,and mechanisms Initiative Description The Cybersecurity and Infrastructure Sec��������urity Agency will lead a cross-sector effort to review public-private collaboration mechanisms.SRMAs,in coordination with CISA as appropriate,will represent the activities in their sectors such as Sector C
83、oordinating Councils,Information Sharing and Analysis Centers(ISACs),Information �����Sharing and Analysis Organizatio�����ns(ISAOs),emerging sector collaboration initiatives,and other entities to deliver to CISA for the development of a maturity model for public-private collaboration.NCS Reference Building o
84、n decades of experience collaborating with IS�����ACs and ISAOs,the Federal Government will work with these and other groups to develop a shared vision of how this model should evolve.Responsible Agency:CISA Contributing Entities:SRMAs Completion Date:1Q FY26 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATIO
85、N PLAN VERSION 2 19 Initiative Number:1.2.5 Initiative Title:Establish a National Coordinator Office1 Initiative Description The Cybersecurity and Infrastructure Security Agency����,in accordance with National Security Memorandum-22,will establish a National Coordinator Office to serve as the single poi
86、n���t of contact for supporting all SRMAs.The office will coordinate the provision of CISA resources to support SRMAs,depending on SRMA capabilities.CISA will work with each SRMA to define its needs an�������d priorities for support from the office,to include evaluating options and opportunities for shared se
87、rvices,and use this information to update CISAs services catalog,a������s necessary.NCS Reference The Federal Government will continue to enhance coordination between CISA and other SRMAs,invest in the development of SRMA capabilities,and otherwise enable SRMAs to proactively respond to the needs of criti
88、cal infrastructure owners and operators in their sectors.Responsible Agency:CISA Contributing Entities:SRMAs,NSC Completion Date:4Q FY25 Initiative Number:1.2.6 Initiative Title:Establish a collaborative���� ����mechanism to coordinate cybersecurity efforts and promote best practices across the education fa
89、cilities sub-sector Initiative Description The Department of Education(Educatio�������n),as part of its subsector-specific risk management plan required under National Security Memorandum-22,will establish formal cybersecurity coordination mechanisms,including a Government Coordinating Council to promote c
90、ybersecurity best practices with state,local,Tribal,and territorial entities across the education facilities sub-sector.NCS Reference Defending critical infrastructure against adversarial activity and other threats requires a m����odel of cyber defense that emulates the distributed structure of the Inte
91、rnet.We will realize this distributed,networked model by developing and stren�����gthening collaboration between defenders through structured roles and responsibilities and increased connectivity enabled by the automated exchange of data,information,and knowledge.Responsible Agency:Education C�����ontributing
92、 Entities:GSA,CISA 1 This initiative from NCSIP version 1 now reflects new policy outlining the role of the National Coordinator for the Security and Resilience of Critical Infrastructure and its attendant responsibilities.NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATI�����ON PLAN VERSION 2 20 Completion D
93、ate:4Q FY24 Initiative Number:1.2.7 Initiative Title:Continue cybersecurity education and training t��������hrough the U.S.Department of Agriculture(USDA)Rural Utilities Services(RUS)Rural Water Circuit Rider Program and EPAs technical assistance programs Initiative Description The U.S.Department of Agricul
94、ture(USDA)will coordinate with the �����Environmental Protection Agency(EPA),as the SRMA for the water sector and as part of the water and wastewater sector-specific risk management plan������ required under National Security Memorandum-22,to work with partners to expand the USDA RUS Rural Water Circuit Rider
95、Program to include water systems cybersecurity technical assistance,education,and training.NCS Reference Defending critical infrastructure a���������gainst adversarial activity and other threats requires a model of cyber defense that emulates the distributed structure of the Internet.We will realize this dis
96��������、tributed,networked model by developing and strengthening collaboration between defenders through structured roles and responsibilities and increased connectivity enabled by the automated exchange of data,information,and knowledge.Responsible Agency:USDA Contributing Entity:EPA Completion Date:1Q FY2
97、6 Initiative Number:1.2.8 Initiative Title:Continue to promote the adopt����ion of cyberse�������curity best practices across the water and wastewater sector Initiative Description The Environmental Protection Agency,as part of its sector-specific risk management plan required under National Security Memorandu
98、m-22,wil�����l promote the adoption of cybersecurity best practices at drinking water and wastewater utilities and support state cybersecurity programs by providing technical assistance���� in the form of cybersecurity assessments,subject-matter expert consultations,and training,as well as through guidance o
99、n cybersecurity best practices.NCS Reference SRMAs support individual owners and operator��������s in their respective sectors who are responsible for protecting the systems and assets they operate.Responsible Agency:EPA Contributing Entities:CISA Completion Date:1Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPL
100、EMENTATION PLAN VERSION 2 21 Strategic Objective 1.3:Integrate Federal Cybersecurity Centers Initiative Number:1.3.1 Initiative Title:Assess and improve Federal Cybersecurity Centers and related cyber centers capabil������ities and plans necessary for collaboration at speed and scale Initiative Number:1.3
101、.2 Initiative Title:Develop Federal Cybersecurity Centers and related cyber centers taxonomy Initiative Description The Office of t����he National Cyber Director will work with inter�������agency partners to develop a taxonomy for clarifying and classifying the responsibilities of Federal Cybersecurity Centers
102、 and related cyber centers to inform integration efforts.NCS Reference The Federal Government must coordinate the authorities and capabilities of the departments and agencies that are collectively responsible for supporting the defense of critical infrastructure.Responsible Agency:ONCD �����Contributing
103、Entities:OMB Completion Date:1Q FY25 Initiative Number:1.3.3 Initiative Title:Increase Operational Collaboration within the Energy Sector through the development of the Energy Threat and Analysis Center(ETAC)Initia��������tive Description The Department of Energy(DOE)will continue the Energy Threat and Anal
104、ysis Center(ETAC)program and expand the number of public and private energy stakeholders engaged with the ETAC.NCS Reference Operational collaboration models at SRMAs,such as the Department of Energy(DOE)s Energy Threat Analysis Center(ET�������AC)pilot provide opportunities to enable timely,actionable,and
105、 relevant information sharing directly with private sector partners in their respective sectors.Responsible������ Agency:DOE Completion Date:1Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION P�������LAN VERSION 2 22 Strategic Objective 1.4:Update Federal Incident Response Plans and Processes Initiative Numb
106、er:1.4.1 Initiative Title:Update the National����� Cyber Incident Response Plan(NCIRP)Initiative Description The Cybersecurity and Infrastructure Secur�����ity Agency,in coordination with ONCD,will lead a process to update the National Cyber Incident Response Plan(NCIRP)which is subordinate to Presidential Po
107、licy Directive 41 to strengthen processes,procedures,and systems to more fully realize the policy that“a call to one is a call to all.”The NCIRP update will also include clear guidance to external partners on the roles and capabilities of Feder�����al agencies in incident response and recovery.NCS Refere
108、nce CISA will lead a process to update the subordinate National Cyber Incident Response Plan(NCIRP)Responsible Agency:CISA Contributing En����tities:DOJ,FBI,SRMAs,USSS,ONCD Completion Date:1Q FY25 Initiative Number:1.4.2 Initiative Title:Issue final Cyber Incident Reporting for Critical Infrastructure A
109、ct(CIRCIA)rule Initiative Description The Cybersecurity and Infrastructure Security Agency will consult with SRMAs,the Department of Justice(DOJ),and other Federal agencies to������� implement CIRCIA.CISA will publish the CIRCIA Notice of Proposed Rulemaking and Final Rule per the statutory requirements,an
110、d develop the processes to advance effective actioning of inci����������dent reports to include sharing of incident reports with appropriate agencies.NCS Reference CISA will consult with SRMAs,DOJ,and other Federal agencies during the CIRCIA rule-making and implementation process Responsible Agency:CISA Contr
111、ibuting Entities:DOJ,FBI,SRMAs,USSS Completion Date:4Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 23 In�����itiative Number:1.4.3 Initiative Title:Develop exercise scenarios to improve cyber incident response Initiative Number:1.4.4 Initiative Title:Draft legislation to codify the
112、 Cyber Safety Review Board(CSRB)with the required authorities Initiative Number:1.4.5 Initiative Title:Analyze response resources related to cyber incidents and events Initiative Description The Office of the National Cyber Director,wo��������rking with the Department of Homeland Security(DHS)and the Federa
113、l Emergency Management Agency(FEMA),�����will conduct case studies to analyze predictable and an�������omalous resources used in responses to previous cyber incidents with Federal cyber response agencies,including CISA and FBI.NCS Reference When Federal assistance is required,the Federal Government must present
114、 a unified,coordinated,whole-of-government response.Responsible Agency:ONCD Contributing Entities:FEMA Completion Date:2Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 24 Strategic Objective 1.5:Modernize Federal Defenses Initiative Number:1.5.1 Initiative Title�����:Secure unclassif
115、ied Federal Civilian Executive Branch(FCEB)systems Initiative Description The Office o��������f Management and Budget,in coordination with CISA,will develop a plan of action to secur�����e unclassified FCEB systems through collective operational defense and to foster expanded use of centralized shared services,e
11����6、nterprise license agreements,and software supply chain risk mitigation.NCS Reference OMB,in coordination with CISA,will develop a plan of action to secure FCEB systems through collective operational defense,expanded availability of centralized shared se�����rvices,and software supply chain risk mitigatio
117、n.Responsible Agency:OMB Contributing Entities:CISA,NIST,ONCD Completion Date:2Q FY24 Initiative Number:1.5.2 Initiative Title:Modernize Federal Civilian Executive Branch(FCEB)technology Initiative De������scription The Office of Management and Budget will lead development �������of a multi-year lifecycle plan t
118、o accelerate FCEB technology modernization,prioritizing Federa������l efforts on eliminating legacy systems w�������hich are costly to maintain and difficult to defend.NCS Reference OMB will lead development of a multi-year lifecycle plan to accelerate FCEB technology modernization,prioritizing Federal efforts o
119、n eliminating legacy systems which are c������ostly to maintain and difficult to defend.Responsible Agency:OMB Contributing Entities:GSA,CISA,ONCD Completion Date:4Q FY24 NATIONAL CYBERSECURITY STRATEGY IMPLE����MENTATION PLAN VERSION 2 25 Initiative Number:1.5.3 Initiative Title:Secure National Security Syst
120、ems(NSS)at Federal Civilian Executive Branch(FCEB)agencies Initiative Description The National Security Agency(NSA),in fulfilling����� the responsibilities of the National Manager for National Security Systems,will develop and execute a plan to address the security of NSS at FCEB agencies.NCS Reference T
121、he Director of the NSA,as the National Manager for NSS,will coordinate with OMB to develo������p a plan for NSS at FCEB agencies that ensures implementation of the enhanced cybersecurity requirements of NSM-8.Responsible Agency:NSA Contributing Entities:OMB,ONCD Completion Date:4Q FY24 Initiative Number:1
122、.5.4 Initiative Title:Promote and ass�������ess the expanded use of cybersecurity shared services across unclassified Federal systems Initiative Description The Cybersecurity and Infrastructure Security Agency(CISA),in coor�����dination with OMB and ONCD,will inventory high-value,cost-effective cybersecurity sh
123、ared services that reduce risk across unclassified FCEB systems�����,and identify opportunities to more efficiently ��������understand and execute key shared services,both by leveraging best practices and addressing process-oriented challenges.NCS Reference OMB,in coordination with CISA,will develop a plan of ac
124、tion to secure FCEB systems through collective operational defense,expanded availability of centralized shared services,and software supply chain risk miti���gation.Responsible Agency:CISA Contributing Entities:NIST,OMB,ONCD Completion Date:4Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VE
125、RSION 2 26 Initiative Number:1.5.5 Initiative Title:Promote cyber supply chain risk management(C-SCRM)and encourage effective enterprise-wide sharing of supply chain risk information Initiative Description The General Services Ad����ministration(GSA)will facilitate government-wide a�������ccess to and use of m
126、ulti-component,supply chain risk illumination and assessment tools,with associated professional analytic suppor��t services,to enable identification,assessment,mitigation,and conti�������nuous monitoring of various supply chain risks and protect against adversarial threats.These investments will promote C-SC
127、RM,inc�������luding assessing the impacts of Post-Quantum Cryptography on the supply chain.NCS Reference We will continue to build Federal cohesion through focused action across the Federal Government.These efforts will build on prior programs and prioritize actions that advance a whole-of-government appro
128、ach to defending FCEB information systems.Responsible Agenc����y:GSA Contributing Entities:OMB Completion Date:1Q FY25 NATIONAL CYBERSE�����CURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 27 Pillar Two:Disrupt and Dismantle Threat Actors Strategic Objective 2.1:Integrate Federal Disruption Activities Initiativ
129、e Number:2.1.1 Initiative Title����:Publish an updated DoD Cyber Strategy Initiative Number:2.1.2 Initiative Title:Strengthen the National Cyber Investigative Joint Task Force(��������NCIJTF)capacity Initiative Description The NCIJTF will strengthen its capacity to coordinate takedown and disruption campaigns w
130、ith greater speed,scale,and frequency.NCS Reference The NCIJTF,as a multi-agency focal point for coordinating whole-of-government disruption campaigns,will expand its capacity to coordinate takedown and disruption campaigns with greater speed,scale,and frequency.Responsible Agenc������y:FBI Contributing E
131、ntities:DOJ Completion Date:4Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 28 Initiative Number:2.1.3 Initiative Title:Expand organizational platforms dedicated to disruption campaigns Initiative Description The Department of Justice �������will increase the volume and speed of disr���u
132、ption campaigns against cybercriminals,nation-state adversaries,and associated enablers(e.g.,money launderers)by expanding its organizational platforms dedicated to such threats and increasing the number of qualified attorney������s dedicated to cyber work.NCS Reference To increase the volume and speed of
133、 these integrated disruption campaigns,the Federal Government must further develop technological and organizational platforms that enable continuous,coordinated operations.Responsible Agency:DOJ Completion ������Date:1Q FY25 Initiative Number:2.1.4 Initiative Title:Propose legislation to disrupt and deter
134、 cybercrime and cyber-enabled crime Initiative Number:2.1.5 Initiative Title:Increase speed and scale of disruption operations Initiative Description The National Cyber Investigative Joint Task Force,law enforcement agencies,U.S.Cyber Command,NSA,and other elements of the����� intelligence community will
135、 lead the development of a menu of options for coordinating and executing disruption operations to increase the speed and scale ������of these operations.NCS Reference To increase the volume and speed of these integrated disruption campaigns,the Federal Government must further develop technological and or
136、ganizational platforms that enable continuous,coordinated operations.Responsible Agency:FBI Completion Date:2Q FY24 NA�������TIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 29 Initiative Number:2.1.6 Initiative Title:Implement the 2023 DoD Cyber Strategy Initiative Description The Department of
137、 Defense(DoD)will complete the implementation guidance for the 2023 DoD Cyber Strategy and,through short to mid-term initiatives aligned to the four������� lines of effort identified in the Strategy,make progress to achieve its vision.The initiatives will address challenges posed���� by nation-states and other
138、 malicious actors whose capabilities or campaigns pose a strategic-level threat to the United States and its interests.DoD will also assess the�������� effectiveness of the Strategy and identify policy,capabilities,and resource constraints.NCS Reference DoD will develop an updated departmental cyber strateg
139、y aligned with the National Security Strategy,National Defense Strategy,and this National Cybersecurity Strategy.Responsible Agency:DoD Completion Date:3Q FY25 Initiative Number:2.1.7 Initiative Title:Prevent,deter,and disrupt cybercrime and cyber-enabled crime committed by juvenile offen�������ders Initia
140�������、tive Description The Department of Justice will collaborate with the Federal Bureau of Investigation(FBI)and Department of Homeland Security(DHS)and,as appropriate,federal,state,loc�������al,tribal and territorial governments,international and industry partners,to develop a whole-of-society approach consis
141、tent with the CSRBs recommendations from its r�����eview of Lapsus$.This approach will seek to enhance existing U.S.Government programs and policies to improve prevention,deterrence,and redirecti������on of juvenile cybercrime offenders and disruption of future malicious cyber activity conducted by juvenile of
142、fenders.NCS Reference To increase the volume and speed of these integrated disruption campaigns,the Federal Government must further develop technological and organizational platforms that enable continuous,coordinated operations.Responsible Agency:DOJ Contributing ����Entities:DHS,FBI Completion Dat�����e:1Q
143、 FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION ������PLAN VERSION 2 30 Strategic Objective 2.2:Enhance Public-Private Operational Collaboration to Disrupt Adversaries Initiative Number:2.2.1 Initiative Title:Identify mechanisms for increased adversarial disruption through public-private operational
144、collaboration Initiative Number:2.2.2 Initiative Title:Increase collaboration between private-����sector entities and Federal agencies to disrupt malicious cyber activity Initiative Description The Office of the National Cyber Director,in collaboration with Federal agencies,will identify policies that s
145、upport effective collaboration,and���� enhance the speed and utility of collaboration between private sector entities and Federal agencies.NCS Reference Effective disruption of malicious cyber activity requires more routine collaboration between the private sector entities that have unique insights and
146、capabilities and the Federal agencies that have the means and authorities to act.Responsible Agency:ONCD C��������ontributing Entities:DoD,DOJ,CISA,FBI,NSA,USSS Completion Date:2Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 31 Strategic Objective 2.3:Increase the Speed and Scale of In
147、telligence Sharing and Victim Notification Initiative Number:2.3.1 Initiative Title:Identify and operationalize sector-specific intelligence needs and priorities Initiative Description Consistent with the requirement set forth in �������the Fiscal Year 2021 National Defense Authorization Act Section 9002(c
148、)(1),the National Security Council will lead a policymaking process �������to establish an agreed-upon approach for SRMAs to identify sector-specific intellig����ence needs and priorities.NCS Reference SRMAs,in coordination with CISA,law enforcement agencies,and the CTIIC will identify intelligence needs and p
149、riorities within their sector and develop processes to share warnings,technical indicators Responsible Agency:NSC Contributing Entities:DHS,DOJ,ODNI,CIA,CISA,FBI,NSA,SRMAs,����USSS Completion Date:1Q FY25 Initiative Number:2.3.2 Initiative Title:Remove barriers to delivering cyber th������reat intelligence an
150、d data to critical infrastructure owners and operators Initiative Description Leveraging the deliverables and lessons learned from Executive Order(EO)13636,Section 4 implementation,the Of�������fice of the Director of National Intelligence(ODNI)will,in coordination with DOJ and DHS,review policies and proc
151、edures for sharing cyber threat intelligence with critical infrastructure owners and o�����perators and evaluate the need for expanding clearances and intelligence access to enable this.NCS Reference The Federal Government will also review declassification policies and processes to determin��������e the conditio
152、ns under which extending additional classified access and expanding clearances is necessary to provide actionable intelligence Responsible Agency:ODNI Contributing Entities:DoD�������,DHS,DOJ,NSA�������,FBI,NSC,ONCD Completion Date:3Q FY24 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 32 Strategic
153、 Obj����ective 2.4:Prevent Abuse of U.S.-Based Infrastructure Initiative Number:2.4.1 Initiative Title:Publish a Notice of Proposed Rulemaking on requirements,standards,and procedures for Infrastructure-as-a-Service(IaaS)providers and resellers NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION
154、 2 33 Strategic Objective 2.5:Counter Cybercrime,Defeat Ransomware Initiative Number:2.5.1 Initiative Title:Dis��������incentivize safe havens for ransomware criminals Initiative Number:2.5.2 Initiative Title:Disrupt ransomware crimes Initiative Number:2.5.3 Initi������ative Title:Investigate ransomware crimes an
155、d disrupt the ransomware eco�����system Initiative Number:2.5.4 Initiative Title:Support private sector and state,local,Tribal,and territorial(SLTT)efforts to mitigate ransomware risk Initiative Description The Cybersecurity and Infrastructure Security Agency,in coordination with the JRTF(co-chaired by C
156、ISA and FBI),SRMAs,and other stakeholders,will offer resources such as������ training,cybersecurity services,technical assessments,pre-attack planning,and incident response to critical infrastructure organizations,SLTT,and other high-risk targets ������of ransomware to reduce the likelihood of impact and the sc
157、ale and duration of impacts when they occur.NCS Refere������nce Given ransomwares impact on key critical infrastructure services,the United States will employ all elements of national power to counter the threat along four lines of effort.(3)bolstering c������ritical infrastructure resilience to withstand ranso
158、mware attacks The Joint Ransomware Task Force(JRTF)will pr����ovide support to private sector and SLTT efforts to increase their protections a����gainst ransomware.Responsible Agency:CISA Contributing Entities:FBI,SRMAs,USSS,NSC Completion Date:1Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VER
159、SION 2 34 Initiative Number:2.5.5 I������nitiative Title:Support other countries efforts to adopt and imple����ment the global anti-money laundering/countering the financing of terrorism(AML/CFT)standards for virtual asset service providers Initiative Description The Department of the Treasury will lead gover
160、nment stakeholders,including DOJ,the Department of State(State),and other interagency participants,and w�������ill work with international partners bilaterally and through the Treasury-led delegation to the Financial Actio������n Task Force(FATF)to accelerate global adoption and implementation of anti-money laun
161、dering and countering the financing of terrorism(AML/CFT)standards and sup�����ervision for virtual asset service providers,including disrupting providers that enable laundering of ransomware payments.The United States will continue to draft and contribute to Recommendation 15-related publications,includ
162、ing planned m��������aterials for publication in early and mid-2024.This includes providing technical assistance to low-capacity countries and encouraging other FATF members to provide similar support.NCS Reference the United States will support implementation of international AML/CFT standards globally to
163、������mitigate the use of cryptocurrencies for illicit activities Responsible Agency:Treasury Contributing Entities:DOJ,State,USSS,NSC Completion Date:4Q FY24 NATIONAL CYBERSECURIT������Y STRATEGY IMPLEMENTATION PLAN VERSION 2 35 Initiative Number:2.5.6 Initiative Title:Implement the International Engagement Pl
164、an t����o Disincentivize Safe Havens for Ransomware Criminals Initiative Description The Department of State,in coordination with the Joint Ransomware Task Force(co-chaired by FBI and CISA),will conti������nue to work with the DOJ and other U.S.interagency and international partners and stakeholders to implem
165、ent the International Engagement Plan to Disincentivize Safe Havens for Ransomware Criminals.NCS Reference Given ransomwares impact on key critical infrastructure services,the United States will emp������loy all elements of national power to counter the threat along four ��������lines of effort:(1)leveraging inte
166、rnational cooperation toisolate those countries that provide safe havens for cr�������iminals Responsible Agency:State Contributing Entities:DHS,DOJ,Treasury,CISA,FBI,NSA,ODNI,NSC Completion Date:4Q FY24 Initiative Number:2.5.7 Initiative Title:Disrupt ransomware crimes through joint operations Initiative
167、Description The Federal Bureau of Investigation,in coordination with the Joint Ransomware Task Force(co-chaired by FBI and CISA),will continue to wor������k with Federal,international,and private sector partners to carry out joint disruption operations against the ransomware ecosystem,and disseminate thre
168、at advisories to the private sector.NCS Reference Given ransomwares impact on key critical infrastructure services,the United States will employ all elements of national power to counter the threat������ along four lines of effort:(1)leveraging international cooperation to disrupt the ransomware ecosyst�����em
169、.;(2)investigating ransomware crimes and using law enforcement and other authoriti�����es to disrupt ransomware infrastructure and actors;and(4)addressing the abuse of virtual currency to launder ransom payments The Joint Ransomware Task Force(JRTF)will coordinate,deconflict,and synchronize existing inte
170、ragency efforts to disrupt ransomware operations.Responsible Agency:FBI Contributing Entities:DOJ,CISA,NSA,USSS Completion Date:1Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 36 Pillar Three:Shape Mark�������et Forces to Drive Security and Resilience Strategic Objective 3.1:Hold the
171、Stewards of Our Data Accountable Initiative Number:3.1.1 Initiative Title:Update the N�����ational Privacy Research Strategy In������itiative Description The Office of Science and Technology Policy(OSTP)will work with the National Science Foundation(NSF),NIST,and other Privacy Research&Development(R&D)Interage
172、ncy Working Group partners to develop a strategy to prioritize research investments to prevent adverse privacy effects arising from information processing,including R&D of privacy-protecting information systems and standards,and������ large-scale data analytics.NCS Reference Securing personal data is a fo
173、undational aspect to protecting consumer privacy in a digital fut������ure.Data-driven technologies have transformed our economy and offer convenience for consumers.Responsible Agency:OSTP Contributing Entities:NSF,NIST Completion Date:1Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLE��������MENTATION PLAN VERSION 2
174、37 Strategic Objective 3.2:Drive the Development of Secure IoT Devices Initiative Number:3.2.1 Initiative Title:Implement Federal Acquisition Regulation(FAR)requirements per the Internet of Things(IoT)Cybersecu������rity Improvement Act of 2020 Initiative Number:3.2.2 Initiative Title:Initiate a U.S.Gover
175、nment IoT security labeling program Initiative Number:3.2.3 Initiative Title:Research and develop cyb������ersecurity labeling criteria to develop the smart grid of the future Initi������ative Description The U.S.Department of Energy in collaboration with the National Labs and industry partners will research an
176、d develop criteria for c�����ybersecurity labeling for smart meters and power inverters,both ����essential components of the clean,smart grid of the future.NCS Reference the Administration will continue to advance the development of IoT security labeling.Responsible Agency:DOE Contributing Entities:NIST,NSC
177、Completion Date:1Q FY25 Initiative Number:3.2.4 Initiative Tit�����le:Develop a U.S.Government IoT security labeling program Initiative Description The Federal Communications Commission(FCC)will complete a proceeding to develop a voluntary IoT cybersecurity labeling program,whereby compliant devices and
178、products would be authorized to display a“U.S.Cyber Trust Mark.”NCS Reference the Administration will continue to advance the development of IoT security labeling.Responsible Agency:FCC Completion Date:3Q FY24 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 38 Strategic Objective 3.3������:S
179、hift Liability for Insecure Software Products and Services Initiative Number:3.3.1 Initiative Title:Explore approaches to develop a long-term,flexible,and���� enduring software liability framework Initiative Number:3.3.2 Initiative Title:Advance software bill of materials(SBOM)and mitigate the risk of u
180、nsuppor������ted software Initiative Description In order to collect data on the usage of unsupported software in critical infrastructure,the Cybersecurity and Infrastructure Security Agency will work with key stakeholders,including SRMAs,to identify and reduce gaps in SBOM scale and implementation.CISA w
181、ill also explore requirements for a globally-accessible database for end-of-life/end-of-support software and convene an international staff-level working gr������oup on SBOM.NCS Reference the Administration will.promote the further development of SBOMs;and develop a process for identifying and mitigating
182、the risk pr������esented by unsupported software that is widely used or supports critical infrastructure.Responsible Agency:CISA Completion Date:2Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPL�������EMENTATION PLAN VERSION 2 39 Initiative Number:3.3.3 Initiative Title:Coordinated vulnerability disclosure Initiative
183、 Description The Cybersecurity and Infrastructure Security Agency will work to build do�����mestic and international support for an expectation of coordinated vulnerability disclosure among public and private entities,across all technology types and sectors,including through the creation of an internatio
184、nal vulnerability coordinator community of pra�����ctice.This will include supporting international institutions,including international Computer Emergency Response Teams and other community-driven organizations,to build global awareness and capacity around coordinated vulnerability disclosure.NCS Refere
185、nce To further incentivize the adoption of secure software development practices,the Admin������istration will encourage coordinated vulnerability disclosure across all technology types and sectors Responsible Agency:CISA Contributing Entities:State Completion Date:4Q FY25 Initiative Number:3.3.4 Initiati
186、ve Title:Assess the feasib������ility of approaches to assess open-source software security risk Initiative Description The Department of Homeland Security,through the Cybersecurity�������� and Infrastructure Security Agency and in consultation with the open-source community,and as recommended by the Cyber Safety
187、 Review Board review of Log4j,will explore the feasibilit������y of various approaches to assess open-source software security ris�����k,including an open-source software security risk assessment center.This work will build on CISAs Open-Source Software Security Roadmap and draw from Executive Order 14028 and
188、NIST software security and quality guidance,tools,and����� resources.This initiative will also consider critical open-source dependencie�����s,contributions back to such dependencies,investments in open-source software security,and a plan for software maintenance support for critical services.NCS Reference Ma
189、rkets impose inadequate costs on and often reward those entities that introduce vulnerable products or services into our digital ecosystem.Too many vendors ignore best practices for secure developmen�����t,shi����p products with insecure default configurations or known vulnerabilities,and integrate third-par
190、ty software of unvetted or unknown provenance.Responsible Agency:DHS Contributing Entities:CISA,NIST Completion Date:4Q FY25 NATI���ONAL CYBERSECURITY STRATEGY IMPLEMENTA�����TION PLAN VERSION 2 40 Initiative Number:3.3.5 Initiative Title:Explore approaches to develop a long-term,flexible,and enduring softw
191、are liability fram������ework Initiative Description The Office o�����f the National Cyber Director will continue to engage stakeholders interested in software liability policy and further develop proposals to establish a liability regime for software products and services.Through a series of workshops,ONCD wi
192、ll seek feedback on proposals from civil society,business,and academia.ONCD will also review legal authorities related to software liability������� pursuant to completed legal symposia.NCS Reference To begin to shape standards of care for secure software development,the Administration will drive the develo
193、pment of an adaptable safe harbor framework to shield from liability companies that ��������securely develop and maintain their software products and servicesThe Administration will work with Congress and the private sector to develop legislation establishing liability for software products and services.Res
194、ponsible Agency:ONCD Completion Date:2Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENT������ATION PLAN VERSION 2 41 Strategic Objective 3.4:Use Federal Grants and Other Incentives to Build in Security Initiative Number:3.4.1 Initiative Title:Leverage Federal grants to improve infrastructure cybersecurity
195、Initiative Number:3.4.2 Initiative Title:Prioritize fund����ing for cybersecurity research Initiative Number:3.4.3 Initiative Title:Prioritize cybersecurity research,development,and demonstration on social,behavioral,and economic research in cybersecurity Initiative Description Through grant awards in F
196、iscal Year 2024,the National Science Foundation will invest in increasing understanding of individual and societal impacts on cybersecurity,and the impacts of cybersecurity on individuals and society,through research in cyber economics,human factors,informatio��������������n integrity,and related topics.NCS Refer
197、ence The Federal Government will also prioritize funding for cybersecurity research,development,and demonstration(RD&D)programs aimed at strengthening critical i�����nfrastructure cybersecurity and resilience.Responsible Agency:NSF Completion Date:4Q FY24 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PL
198、AN VERSION �����2 42 Strategic Objective 3.5:Leverage Federal Procurement to Improve Accountability Initiative Number:3.5.1 Initiative Title:Implement Federal Acquisition Regulation(FAR)changes required under Executive Order 14028 Initiative Description The Office of Management and Budget,acting through
199、the Office of Federal Procurement Policy,will work with the Federal Acquisition Regulatory Council to propose changes to the FAR required under EO 14028.Through the release of draft rule�����s(cybersecurity incident reporting,standardizing cybersecurity contract requirements and secure software)public co
200、mment will be considered before the changes are finalized.NCS Reference EO 14028,“Improving the Nations Cybersecurity,������”expands upon this approach,ensuring that contract requirements for cybersecurity are strengthened and standardized across Federal agencies.Responsible Agency:OMB Comple������tion Date:1Q
201、FY24 Initiative Number:3.5.2 Initiative Title:Leverage the False Claims Act to improve vendor cybersecurity Initiative Description The Department of Justice will expa������nd efforts to identify,pursue,and deter knowing failures to comply with cybersecurity requirements in Federal contracts and grants wit
202、h the aim of buildi��������ng resilience,increasing vulnerability disclosures,reducing the competitive disadvantage for responsible vendors,and recovering damages for affected Federal programs and agencies.NCS Reference The Civil Cyber-Fraud Initiativ��������e(CCFI)uses DOJ authorities under the False Claims Act to
203、 pursue civil actions against government grantees and contractors who fail to meet cybersecurity obligations.The CCFI will hold accountable entities or ����individuals that put U.S.information or systems at risk by knowingly providing deficient cybersecurity prod�����ucts or services,knowingly misrepresentin
204、g their cybersecurity practices or protocols,or k������nowingly violating obligations to monitor and report cyber incidents and breaches.Responsi����ble Agency:DOJ Completion Date:4Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 43 Strategic Objective 3.6:Explore a Federal Cyber Insurance
205、 Backstop Initiative Nu�����mber:3.6.1 Initiative Title:Assess the need for a Federal insurance response to a catastrophic cyber event NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 44 Pillar Four:Invest in a Resilient Future Strategic Objective 4.1:Secure the Technical Foundation of the I
206、nternet Initiat������ive Number:4.1.1 Initiative Title:Lead the adoption of network security best practices Initiative Number:4.1.2 Initiative Title:Promote open-source software security and the adoption of memory-safe programming languages Initiative Number:4.1.3 Initiative Title:Accelerate development,s
207、tandardization,and ado�������ption of foundational Internet infrastructure capabilities and technologies NATIONAL C�����YBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 45 Initiative Number:4.1.4 Initiative Title:Accelerate the development and standardization,and support the adoption,of foundational Internet
208、 infrastructure capabilities and technologies Initiative Description The National Institute of Standards and Technology will collaborate with the interagency,industry,academia,and other communities to address Border Gateway Protocol(BGP)an�������d Internet Protocol Version 6(IPv6)security gaps by driving d
2������09、evelopment,commercialization,and adoption of international standards.NCS Reference The Internet is critical to our future but retains the fundamental structure of its past.We must take steps to mitigate the most urgent of these pervasive concer�����ns such as Border Gateway Protocol vulnerabilities,unenc
210、rypted Domain Name System requests,and the slow adoption of IPv6 Preserving and extending the open,free,global,interoperable,reliable,and secure Internet requires sustained e�����ngagement in standards development processes to instill o�����ur values and ensure that technical standards produce technologies th
211、at are more secure and resilient.Responsible Agency:NIST Completion Date:4�������Q FY24 Initiative Number:4.1.5 Initiative Title:Collaborate with key stakeholders to drive secure Interne�������t routing Initiative Description The Office of the National Cyber Director,in conjunction with key stakeholders and appro
212、priate Federal Government entities,will develop a roadmap to increase the adoption of secure Internet routing techniques and technology by:(1)identifying security challenges;(2)exploring approaches and options to address Internet routing and �������BGP security concerns;(3)identifying and informing the dev
213、elopment of best practices;(4)identifying needed research and development;and(5)identifying barriers to adoption and alternate mitigation approaches.NCS Reference The Internet is critical to our future but retains the fundamental structure of its past.We must take steps to mitigate the most ��������urgent o
214、f these pervasi�������ve concerns such as Border Gateway Protocol vulnerabilities,unencrypted Domain Name System requests,and the slow adoption of iPv6 Preserving a�������nd extending the open,free,global,interoperable,reliable,and secure Internet requires sustained engagement in standards development processes t
215、o instill our values and ensure that tech�����nical standards produce technologies that are more secure and resilient.Responsible Agency:ONCD�������� Contributing Entities:DOJ,CISA,FCC,NIST,NSA,NTIA,OSTP Completion Date:3Q FY24 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 46 Initiative Number:4.
216、1.6 Initiative Title:Implement the roadmap for the adoption of secure Internet routing techniques and technol�������ogy Initiative Description The Office of the National Cyber Director,in coordination with key stakeholders and appropriate f����ederal government entities,will promote federal government and priv
217、ate sector adoption of secure Internet routing techniques and technology,such as Border Gateway Protocol Resource Public Key Inf����rastructure Route Origin Authorization(RPKI ROA),in alignment with the defined metrics and milestones identified in the roadmap developed under NCSIP initiative 4.1.5.NCS R
218、eference We must take steps to mitigate the most urgent of these pervasive concerns such as Border Gateway Protocol vulnerabili���ties,unencrypted Domain Name System requests,and the slow adoption of IPv6.Such a“clean up”effort to reduce systemic risk requires identification of the most pressing of the
219、se security challenges,further development of effective security measures,and close collaboration between public and private sectors to reduce our risk e����xposure without disrupting the platforms and services built atop this infrastructure.The Federal Government willpartner with stakeholders to develo
220、p and drive adoption of solutions that will improve the security of����� the Internet ecosystem and support research to understand and address reasons for slow adoption.Responsible Agency:ONCD Contributing Entities:DOJ,ODNI,CISA,NIST,NSA,NTIA,FCC,OMB Completion Date:3Q FY25 NATIONAL CYBERSECURITY STRATEG
221、Y IMPLEMENTATION PLAN VERSION 2 47 Initiative Number:4.1.7 Initiative������ Title:Promote secure and measurable software solutions across the building blocks of cyberspace Initiative Description The Office of the National Cyber Director will convene public and private sector experts to identify cybersecur
222、ity approaches that may eliminate classes of�������� vulnerabilities at scale by securing the building blocks of cyberspace,including programming languages,hardware architectures,and formal methods.NCS Reference Many of the technical foundations of the digital ecosystem are inherently vulnerableSuch a“clean
2������23、-up”effort to reduce systemic risk requires identification of the most pressing of these security challenges,further development of effective security measures,and close collaboration between public and private sectors������ to reduce our risk exposure without disrupting the platforms and services built a
224、top this������ infrastructure.Responsible Agency:ONCD Contributing Entities:CISA,NSA Completion Date:4Q FY24 Initiative Number:4.1.8 Initiative Title:����Promote a more secure open-source software ecosystem Initiative Description The Office of the National Cyber Director,through the Open-Source Software Secur
225、ity Initiative(OS3I),will continue to lead and promote open-source softwa��������������re security across the Federal government,and work with the OSS community to strengthen the OSS ecosystem.Through the OS3I Working Group,chaired by ONCD,OS3I members will continue to convene the OSS community,advance the progre
226、ss toward converting to memory safe programming languages,and promote investments to secure OSS ecosystems.�������NCS Referenc�������e The Federal Government will lead by ensuring that its networks have implemented these and other security measures while partnering with stakeholders to develop and drive adoption
227、of solutions that will improve the security of the Internet ecosystem and suppor�����t research to understand and address reasons for slow adoption.Responsible Agency:ONCD Contributing Entities:DoD,CISA,NSF,OMB Completion Date:1Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 48 Strat
228、egic Objective 4.2:Reinvigorate Federal Research and Development for Cybersecurity Initiative Number:4.2.1 Initiative Title:Accelerate maturity,adoption,an������d security of memory-safe programming languages NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 49 Strategic Objective 4.3:��������Prepare
229、for Our Post-Quantum Future Initiative Number:4.3.1 Initiative Title:Implement National Security ������Memorandum-10 Initiative Description The Office of Management and Budget and the National Manager for National Security Systems,in coordination with ONCD,will continue to prior������itize implementation of Nat
230、ional Security Memorandum-10 and transitioning vulnerable publ������ic networks and systems to quantum-resistant cryptography-based environments,focusing first on Federal information systems and NSS.OMB will work with NIST to develop complementary mitigation strategies to provide cryptographic agility in
231、the face of unknown future risks.NCS Reference The Federal Government will prioritize the transition of vulnerab������l������e public networks and systems to quantum-resistant cryptography-based environments and develop complementary mitigation strategies to provide cryptographic agility in the face of unknown
232、future risks.Responsible Agency:OMB Contributing Entities:NSA,ONCD Completion Date:1Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION����� PLAN VERSION 2 50 Initiative Number:4.3.2 Initiative Title:Implement NSM-10 for National Security Systems(NSS)Initiative Description Implement the transition of N
233、SS to quantum-resistant cryptography.NCS Reference The Federal Government will prioritize the transition of vulnerable public networks and systems to quantum-resistant cryptography-based environments and develop complementary mitigation strategies to provide cryptogra�����phic agility in the face of unkn
234、own future risks.Responsible Agency:NSA Contributing Entities:DoD,ODNI Completion Date:3Q FY25 Initiative Number:4.3.3 Initiative Title:Standardize,and support transition to,post-quantum cryptographic algorithms Initiative Description The N�������ational Institute of Standards and Technology will finalize
235、its process to solicit,evaluate,and standardize one or more quantum-resistant public-key cryptographic algorithms.New public-key cryptography standards will specify one or more additional unclassified,publicly-disclosed digital����� signature,publi������c-key encryption,and key-establishment algorithms that ar
236、e available wo����rldwide,and are capable of protecting sensitive government information well into the foreseeable future,including after the advent of quantum computers.NCS Reference To balance the promotion and advancement of quantum computing against threats posed to digital systems,NSM 10,Promoting
237、United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems,establishes a process for the timely transition of the countrys cryptographic systems to intero������perable quantum-resistant cryptography.Responsible Agency:NIST Completion Date:1Q FY25 ������NATIONAL CYBE
238、RSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 51 Strategic Objective 4.4:Secure Our Clean Ener�������gy Future Initiative Number:4.4.1 Initiative Title:Drive adoption of cyber secure-by-design principles by incorporating them into Federal projects Initiative Number:4.4.2 Initiative Title:Develop a plan
239、to ensure the digital ecosyste���������m can support and deliver the U.S.Governments decarbonization goals Initiative Number:4.4.3 Initiative Title:Build and refine traini������ng,tools,and support for engineers and technicians using cyber-informed engineering principles Initiative Description The Department of En
240、ergy will work with stakeholders to build on the National Cyber-Informed Engineering Strategy to advance the training,tools,and support for engineers and technicians to enable them to design,build,and operate operational technology and control systems that are secure-and resilient-by-desig������n.NCS Refe
241、rence t������he Administration will seize this strategic opportunity to build in cybersecurity proactively through implementation of the Congressionally-directed Nation��������al Cyber-Informed Engineering(CIE)Strategy,rather than developing a patchwork of security controls after these connected devices are widel
242、y deployed.Responsible Agency:DOE Contributing Entities:NIST Completion Da������te:4Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLA�����N VERSION 2 52 Initiative Number:4.4.4 Initiative Title:Implement a plan to promote a digital ecosystem that can support and deliver the U.S.Governments decarbonizat
243、ion goals Initiative Description The Office of the National Cyber Director,working with the Office of Domestic Climate Policy(CPO),the Department of Energy,and interagency partners,will implement year-one activities tied to a plan to ensure that the digital ecosystem is more prepared to inco��������rporate
244、the novel technologies and dynamics necessary to support the clean energy transition.The plan will coordinate whole-of-government activities to integrate cybersecurity best p������ractices into foundational technologies that drive the clean energy transition,such as batteries,inverters,and electric vehicl
245、es.NCS Reference As the United States makes a generational investment in new energy infrastructure,the �����Administration will seize this strategic opportunity to build in cybersecurity proactively through implementation of the Congressionally-directed National Cyber-Informed Engineering Strategy,rather
246、 than developing a patchwork of security controls after these connected devices are widely deploy������ed.The Administration is coordinating the work of stakeholders across the Federal Government,industry,and SLTT to deploy a secure,interoperable network of electric vehicle chargers,zero-emission fueling
247、infrastructure,and z�����ero-emission transit and school buses.Responsible Agency:ONCD Contributing Entiti�����es:DOE,CPO,NEC,OSTP Completion Date:2Q FY25 Initiative Number:4.4.5 Initiative Title:Drive the development and adoption of cybersecurity principles for electric distribution and Distributed Energy Re
248、sources(DER)in partnership with energy sector stakeholders Initiative Description The Department of Energy will work with industry,States,Federal regulators,and other agencies,as appropriate to develop cybersecurity baselines for electric dist�����ribution and Distributed Ener������gy Resources.NCS Reference D
249、OE will also continue to promote cybersecurity for electric distribution and di��������stributed energy resources in partnership with industry,States,Federal regulators,Congress,and other agencies.�����Responsible Agency:DOE Completion Date:1Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 53
250、 ������Strategic Objective 4.5:Support Development of a Digital Identity Ecosystem Initiative Number:4.5.1 Initiative Title:Advance research and guidance that supports innovation in the digital identity ecosystem through������ public and private collaboration Initiative Description The National Institute of Sta
251、ndards and Technology will advance research and guidance to continue supporting innovation in the digital identity ecosystem through public an������d private collaboration.This initiative may include:publishing digital identity guidelines,evaluating facial recognition and analysis technology,and publishin
252、g considerations for Attribu�������te Validation Services.NCS Reference The Federal Government will encourage and enable investments in strong,verifiabl������e digital identity solutions that promote security,accessibility and interoperability,financial and social inclusion,consumer privacy,and economic growth.B
253、uilding on the NIST-led digital identity research program authorized in the CHIPS and Scien�������ce Act,these efforts will include strengthening the security of digital credentials;providing attribute and credential validation services;conducting foundational research;updating standards,guidelines,and gov
254、ernance processes to support consistent use and i������nteroperability;and develop digital identity platforms that promote transparency and measurement.Responsible Agency:NIST Contributing Entities:DHS,GSA Completion Date:2Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 54 Strategic O
255、bjective 4.6:Develop a National Strategy to Strengthen Our Cyber Workforce Initiative Number:4.6.1 Initiative Title:Publish a National Cyber Workforce and Education Strategy and track its implementation Initiative Number:4.6.2 Initiative Title:Implement and report on t������he National Cyber Workforce and
256、 Education Strategy Initiative ��������Description The Office of the National Cyber Director will continue to implement the National Cyber Workforce and Education Strategy,and report on progress toward implementation.ONCD will work with Federal partners,state,local,Tribal,and territorial governments,educati
257、on agencies,academia,libraries,community-based organizations,and bus������inesses to develop a playbook to expand cyber workforce and education ecosystems,and broaden on-ramps into cyber careers to increase the nations capacity to meet growing demands for cyber workers.NCS Reference To address this challe
258、nge,ONCD will lead the development and oversee implementation of a National Cyber Workforce and Education Strategy.Responsib������le Agency:ONCD Completion Date:4Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEM���ENTATION PLAN VERSION 2 55 Initiative Number:4.6.3 Initiative Title:Promote skills-based hiring pra
259、ctices Initiative Description The Office of the National Cyber Director,in collaboration with the Office of Personnel Management(OPM)������������and OMB,will work with Federal agencies to remove minimum education requirements,such as college degrees,from federal acquisition contracts,Position Descriptions,and J
260、ob Opportunity Announcements for occupations that do not have an education requirement.OPM will develop skills-based hiring assessments for use by federal departments and agencies.ONCD will encourage the private sector to promote skills-based hiring practi�����ces for cyber positions.NCS Reference To add
261、ress this challenge,ONCD will lead the developm�������ent and oversee implementation of a National Cyber Workforce and Education Strategy.Responsible Agency:ONCD Contributing Entities:OPM,OMB Completion Date:1Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 56 Pillar Five:Forge Internat
262、ional Partnerships to Pursue Shared Goals Strategic Objective 5.1:Build Coalitions to Counter Threats to Our Digital Ecosystem Initiative Number:5.1.1 Initiative Title:Create interagency teams �����for regional cyber collaboration and coordination Initiative Description The Department of State will devel
263、op department staff knowledge and skills related to cyberspace and digital policy that can �������be used to establish and strengthen country and regional interagency cyber teams to facilitate coordination with partner nations.NCS Reference the United States and international counterparts can advance commo
264、n cybersecurity interests by sharing cyber threat information,exchanging model cybersecurity practices,comparing sector-specific expertise,driving secure-by-design principles,and coordinating policy and incident response activit��������ies.Responsible Agency:State Contributing Entities:Commerce,DHS,DOJ,CISA
265、,FBI,USAID Completion Date:1Q F�������Y25 NATIONAL CYBERSECURITY STRATE�����GY IMPLEMENTATION PLAN VERSION 2 57 Initiative Number:5.1.2 Initiative Title:Publish an International Cyberspace and Digital Policy Strategy Initiative Number:5.1.3 Initiative Title:Strengthen Federal law enforcement collaboration mecha
266、nisms with allies and partners Initiative Description The FBI will develop or expand mechanisms to ensure coordination with allies and partners in efforts to increase the volume and speed of international law enforcements disruption campaigns against cyb������ercriminals and nation-state adversaries,and a
267、ssociated enablers(e.g.,money launderers).NCS Reference The United States will work with its allies and partners to develop new collaborative la�����w enforcement mechanisms for the digital age:(1)T���he United States and international counterparts can advance common cybersecurity interests by sharing cyber
268、 threat������� informationand coordinating policy and incident response activities;and(2)the United States will collaboratively disrupt transnational criminals and other malicious cyber actors,build the capacity of our international allies and partners,.and punish those that engage in disruptive,destructiv
269、e,or destabilizing malicious cyber activity�������.Responsible Agency:FBI Contributing Entities:DHS,DoD,DOJ,State,Treasury Completion Date:4Q FY25 Initiative Number:5.1.4 Initiative Title:Regional cyber hubs study Initiative Description The Office of the National Cyber Director will commission a study on t
270、he European Cybercrime Centre to inform the develo�������pment of future cyber hubs.NCS Reference To extend this model,we will support efforts to build effective hubs with partners in other regions.Responsible Agency:ONCD Contributing Entities:DOJ,State,FBI Completion Date:4Q FY24 NATIONAL CYBERSECURITY ST
271、RATEGY IMPLEMENTATION PLAN VERSION 2 58 Initiative Number:5.1.5 Initiative Title:Implement the International Cyberspace and Digital Policy Strategy Initiative Description The Department of State will implement the International������ Cyberspace and Digital Policy Strategy,and report progress of implementa
272、tion.Through short to mid-term initiatives,State will promote meaningful connectivity,shape responsible state behavior in cyberspace,and enhance rights-respecting int����ernational cooperation.Through active engagement with partners,State will counter threats to ���cyberspace and our critical infrastructur
273、e,create and maintain secure d�������igital ecosystems,strengthen international partner digital and cyber capacity,and develop tools to deliver digital and cyber assistance quickly and efficiently.NCS Reference .the United States will work to scale the emerging �����model of collaboration by national cybersecur
274、ity stakeholders to cooperate with the international community.We will expand coalitions,collaboratively disrupt transnational criminals and other malicious cyber ac�������tors,build the capacity of our international allies and partners,reinforce the applicability of existing international law to state beh
275、avior in cyberspace,uphold globally accepted and voluntary norms of responsible state behavior in peacetime,and punish those that engage in disruptive,destructive,or destabilizing malic��������ious cyber activity.Responsible A�����gency:State Completion Date:2Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION
276、 PLAN VERSION 2 59 Strategic Objective 5.2:Strengthen International Partner Capacity Initiative Number:5.2.1 Initiative Title:Strengthen international partners cyber capacity Initiative Number:5.2.2 Initiative Title:Expand international partners cyber capacity ����through operational law enforcement col
277、laborati����on Initiativ������e Description Federal law enforcement will increase operational collaboration with international peer and near-peer law enforcement partners,thereby increasing such partners capacity to disrupt the most significant cyber threats at a speed and scale that matches U.S.law enforceme
278、nts own goals.NCS Reference We must enable our allies and partners tobu������ild law enforcement capacity and effectiveness through operational collaboration Responsible Agency:DOJ Contributing Entities:�������State,FBI,HSI,USSS Completion Date:4Q FY26 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION
279、2 60 Strategic Objective 5.3:Expand U.S.����Ability to Assist Allies and Partners Initiative Number:5.3.1 Initiative Title:Establish flexible foreign assistance mechanisms to provide cyber incident response support quickly NATIONAL CYBERSECURITY STRATEGY IMPLEMENTA�������TION PLAN VERSION 2 61 Strategic Object
280、ive 5.4:Build Coalitions to Reinforce Global Norms of Responsible State Behavior Initiative Number:5.4.1 Initiative Title:Hold irresponsible states accountable when they fail to uphold their commitments Initiative Description The Department������ of State will work through the Open-Ended Working Group to
281、advance the framework of responsible state behavior in cyberspace and strengthen the coalition of states willing to hold malign actors responsible.NCS Reference The United States,as a core part of its renewed,active diplomacy,will hold irresponsible states accountable when they f�������ail to uphold their
282、commitments.To effectively constrain our adversaries and counter malicious activities below the threshold of������ armed confli����ct,we will work with our allies and partners to pair statements of condemnation with the imposition of meaningful consequences.Responsible Agency:State Contributing Entities:DoD,D
283、OJ,FBI Completion Date:4Q FY25 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 62 Strategic Objective 5.5:Secure Global Supply Chains for Information,Communications,and Operational Technology Produ������cts and Services Initiative Number:5.5.1 Initiative Title:Promote the development of secu
284、re and trustworthy information and communication technology(ICT)networks and services Initiative Number:5.5.2 Initiative Title:Promote a more diverse and resilient supply chain of trustworthy information and communication(ICT)vendors Initiative Number:5.5.3 In�������itiative Title:Begin administering the P
285、ublic Wireless Su����pply Chain Innovation Fund(PWSCIF)Initiative Number:5.5.4 Initiative Title:Promulgate and amplify Cybersecurity Supply Chain Risk Management(C-SCRM)key practices across and within critical infrastructure sectors Initiative Description Increase trust in foreign suppliers through the
286、promulgation and amplification of C-SCRM best practices at home and abroad though a Software Supply Chain Security ������National Cybers�������ecurity Center of Excellence Project.NCS Reference This dependency on critical foreign products and services from untrusted suppliers introduces multiple sources of syste
287、mic risk to our digital ecosystem.Mitigating this risk will require long-term,strategic collaboration between public and private sectors at home and abroad to reb�����alance global supply chains and make them more transparent,secure,resilient,and trustworthy����.Responsible Agency:NIST Completion Date:2Q FY2
288、5 NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 6����3 In�������itiative Number:5.5.5 Initiative Title:Develop guidance for secure development and manufacturing of semiconductors Initiative Description The National Institute of Standards and Technology,in collaboration with the interagency and
289、the semiconductor industry,will develop guidance for securing semiconductor development and ma������nufacturing.This will include recommendations on securing semiconductors and a Cybersecurity Framework Profile tailored to the semiconductor manufacturing industry.NCS Reference .Extending this model to oth
290、er critical technologies will require long-term,strategic collaboration between public and private sectors at home and abroad to rebalance global supply chains and make the�����m more secure,resilient,and trustworthy.Responsible Agency:NIST Contributing Entities:DoD,NSA,ONCD Completion Date:3Q FY25 NAT�����IO
291、NAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 64 Initiative Number:5.5.6 Initiativ�����e Title:Continue to award PWSCIF grants to support the development of open and interoperable wireless networks Initiative Description The National Telecommunications and Information Administration(NTIA)will
292、continue to catalyze the development and adoption of open,interoperable,and standards-based networks through administration of the 10-year,$1,500,000,000 PWSCIF.Through these critical investments,NTIA will strengthen supply chain resiliency,drive innovation,and foster competition�����.NCS Reference .and
293、National Telecommunications and Information Administrations(NTIA)work to catalyze the development and adoption of open,interoperable,and standards-based networks through the Public Wireless Supply Chain Innovation Fund.Responsible Agency:NTIA Contributing Entities:D������HS,DoD,ODNI,NIST,FCC Completion Da
294、te:3Q FY24 NATIONAL CYBERSECURITY STRATEGY IMPLE����MENTATION PLAN VERSION 2 65 Implementation-wide Initiatives Implementation 6.1:Assessing Effectiveness Initiative Number:6.1.1 Initiative Title:Report progress and effectiveness on implementing the National Cybersecurity Strategy Initiative Description
295、 The Office of the National Cyber Director will assess the effectiveness of this strategy,associated policy,and follow-on actions and provide the first annual report to the President,the Assistant to the President for National Security Affairs,and Congress.NCS Reference ONCD,in �����coordination with NSC
296、 staff,OMB,and departments and agencies,will assess the effectiveness of this strategy and report annually to the President,t�������he Assistant to the President for National Security Affairs,and Congress on the effectiveness of this strategy,associated policy,�����and follow-on actions in achieving its goals.R
297、esponsible Agency:ONCD Contributing Entities:OMB Completion Date:3Q FY24 Initiative Number:6.1.2 Initiative Title:Apply lessons learned to the National Cybersecurity Strategy implementation Initiative Number:6.1.3 Initiative Title:A�����lign budgetary guidance with National Cybersecurity Strategy impleme
298、ntation NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 66 Acronyms Used 1Q First Quarter 2Q Second Quarter 3Q Third Quart�������er 4Q Fourth Quarter AML Anti-Money Laundering BGP Border Gat�������eway Protocol CCFI Civil Cyber-Fraud Initiative CFT Countering the Financing of Terrorism CHIPS Creatin
299、g Helpful Incentives to Produce Semiconductors CIA Central Intelligence Agency CIE Cyber-Informed Engineering CIRCIA Cyber Incident �����Reporting for Critical Infrastructure Act CISA Cybersecurity and Infrastructure Security Agency CPO White House Climate Policy Office C-SCRM Cybersecurity Supply Chain
300、Risk Management CSF Cybersecurity Framework CSRB Cyber Safety Review Board CTIIC Cyber Threat Intelligence Integration Center DER Distributed Energy Resources DHS Department of Homeland Securit������y DoD Department of Defense DOE Department of Energy DOJ Department of Justice Education Department of Educ
301、ation EO Executive Order EPA Environmental Protection Agency ETAC Energy Threat and Analysis Center FAR Federal Acquisition Regulation FATF Financial Action Task Force FEMA Federal Emergency Management Agency NATIONAL CYBERS������ECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 67 FBI Federal Bureau of Inve
302、stigation FCC Federal Co����mmunications Commission FC�������EB Federal Civilian Executive Branch FY Fiscal Year GSA General Services Administration HHS Department of Health and Human Services HSI Homeland Security Investigations IaaS Infrastructure-as-a-Service ICT Information and Communication Technology IoT
303、 Internet of Things IPv6 Internet Protocol ve�����rsion 6 ISAC Information Sharing and Analysis Center ISAO Information Sharing and Analysis Organization JRTF Joint Ranso�������mware Task Force(Co-chaired by CISA and FBI;membership includes DHS,DoD,DOJ,ODNI,State,Treasury,CIA,NSA and USSS)NCIJTF National Cyber
304、Investigative Joint Task For������ce(Led by the FBI;membership includes CIA,CISA,NSA,USSS)NCIRP Nati����onal Cyber Incident Response Plan NCS National Cybersecurity Strategy NCSIP National Cybersecurity Strategy Implementation Plan NEC National Economic Council NIST National Institute of Standards and Technol
305、ogy NPRM Notice of Proposed Rulemaking NSA National Security Agency NSC National Security Council NSF Natio�������nal Science Foundation NSM National Security Memorandum NSS National Security Systems NTIA National Telecommunications and Information Administration ODNI Office of the Director for National In
306、telligence OMB Office of Management and����� Budget ONCD Office of th������e National Cyber Director OPM Office of Personnel Management NATIONAL CYBERSECURITY STRATEGY IMPLEMENTATION PLAN VERSION 2 68 OS3I Open-Source Software Security Initiative OSTP Office of Science and Technology Policy PPD Presidential Po
307、licy Directive PWSCIF Public Wireless Supply Chain Innovation Fund R&D Research and Development RD&D Research,development,and demonstration RPKI ROA Remote Private Key Iden����tification Route����� Origin Authentication RUS Rural Utilities Service SBOM Software Bill of Materials SLTT State,local,Tribal,and t
308、erritorial SRMA Sector Risk Management Agency*State Department of State TMF Technology Modernization Fund Treas�����ury Department of t�������he Treasury USAID United States Agency for International Development USDA U.S.Department of Agriculture USSS United States Secret Service *Each critical infrastructure se
309、ctor has a designated SRMA as id�����entified in National Security Memorandum on Critical Infrastructure Security and Resilience(NSM-22),and is listed below:Chemical Sector Department of Homeland Security Commercial Facilities Sector Department of Homeland Security Communications Sector Department of H������om
310、eland Security Critical Manufacturing Sector Department of Homeland Security Dams Sector Department of Homeland Security Defense Industri�����al Base Sector Department of Defense Emergency Services Sector Department of Homeland Security Energy Sector Department of Energy Financial Services Sector Departm
311、ent of the Treasury Food and Agriculture Sector Department of Agriculture and Department of Health and Human Services Government Services and Facilities Sector Department o���f Homeland Security and General Services Administration Healthcare and Public Health Sector Department of Health and Human Servi
312、ces NATIONAL CYBERSECURITY STRATEGY IMPLEMENTA����TION PLAN VERSION 2 69 Infor������mation Technology Sector Department of Homeland Security Nuclear Reactors,Materials,and Waste Sector Department of Homeland Security Transportation Systems Sector Department of Homeland Security and Department of Transportation Water and Wastewater Systems Sector Environmental Protection Agency
sgpjbg002
工作日 8:30 - 17:30
会员动态:
报告分类
新质生产力
ChatGPT
新能源汽车
大模型
Sora
机器人
微短剧
芯片
薪酬
白皮书
低空经济
数据要素
创新药
人工智能
AI产业
信息科技
互联网
消费经济
汽车交通
电商零售
传媒娱乐
医药健康
投资金融
能源环境
地产建筑
传统产业
英文报告
其它
扫码登录
手机快捷登录
账号登录
