2 min read
On July 10, 2024, the White House released a new memo regarding the Biden administration’s cybersecurity investment priorities, initially proposed in July 2022. This new memorandum now marks the third time the Office of the National Cyber Director (ONCD), headed by Harry Coker, has released updated priorities and outlined procedures regarding the five core pillars of the National Cybersecurity Strategy Implementation Plan (NCSIP), now relevant through fiscal year 2026.
In the latest annual version of the budget memo, a more strategic shift has been introduced with a focus on zero trust principles in organizations and improved collaboration between the public and private sectors.
Some of the key highlights of this newest memo include:
The memo reinforces President Biden’s proposed five pillars of the National Cybersecurity Strategy (NCS), which are:
Agencies are now required to submit their zero trust implementation strategies within 120 days. This includes documentation of their current and targeted maturity levels for high-value systems.
Before budgets are submitted, Sector Risk Management Agencies (SRMAs) need to demonstrate how they prioritize the various risk management elements outlined in the National Security Memorandum 22 (NSM-22).
Renewed emphasis is being placed on addressing the recruiting, hiring and retention challenges in the federal cyber workforce. This includes introducing more flexible hiring requirements and removing specific degree requirements when appropriate.
The FY26 memo directs federal agencies to allocate resources for transitioning critical and sensitive networks and systems to quantum-resistant cryptography. This includes developing and implementing new cryptographic algorithms resistant to quantum attacks.
Industry newsletter
Stay up to date on the most important—and intriguing—industry trends on AI, automation, data and beyond with the Think newsletter. See the IBM Privacy Statement.
Your subscription will be delivered in English. You will find an unsubscribe link in every newsletter. You can manage your subscriptions or unsubscribe here. Refer to our IBM Privacy Statement for more information.
Over the past few years, the Biden administration has introduced a radical approach to cybersecurity resilience, painting federal cybersecurity priorities and strategies in a much more serious tone than before.
The establishment of the ONCD back in February 2021 marked an important step forward in the country’s response to the escalating dangers of today’s modern cybersecurity threats.
Since then, the eyes have been on the ONCD to help strengthen the nation’s cyber defenses, using the introduction of the NCSIP as a way to lead this effort. When reviewing the suggested updates and amendments between the first and third iterations of this policy, it’s clear that Coker is making some progressive improvements.
In just a couple of years, the NCSIP has expanded its scope to be much more actionable, listing clearer directives toward improving the nation’s cybersecurity infrastructure, increasing collaboration between public and private sectors, and improving the government’s ability to respond to cyber threats.
The ONCD’s role is starting to become more of a proactive influencer when it comes to federal cybersecurity policy-making. Stepping away from the broad categorization of cybersecurity initiatives to more specific deadlines surrounding agency requirements on zero trust implementation planning and explicit mandates for quantum-resistant cryptography readiness, it’s clear that the ONCD is becoming more confident in what it can ask of the federal government.
As we move forward, it’s fair to say we’ll continue to see more refinements of the NCSIP with increasingly more detailed guidance and requirements for agencies to follow.