National Cyber Director (NCD) Chris Inglis today previewed some themes from the national cybersecurity strategy that he’s working on – and said the long-awaited strategy should be publishing within the next couple of months.
At the Mandiant Worldwide Information Security Exchange (mWISE) event on Oct. 19, Inglis said that while the strategy will be labeled as the “U.S. National Cybersecurity Strategy,” it must also work in an international context – as well as for the private sector.
“We need to make sure that we understand whose strategy this is,” Inglis said.
“As we’ve developed this strategy, we’ve not only taken the material influence of all the agencies and departments in the Federal bureaucracy and gone to state and local and territorial, but of the 300 engagements we have, about two-thirds of those are in the private sector so that we can actually make sure it’s a strategy that works for all of us, mobilizes all of us, and gives all of us an opportunity to not just influence the strategy, but to ultimately take a role and participate in what that strategy will drive,” he explained.
Inglis went on to explain that the strategy needs to work for everyone – not just the folks who have cybersecurity and IT in their job titles. Collaboration, Inglis said, will be the “hallmark at the core” of the strategy, because “there are things we can only do together; there are things we can only discover and address together.”
If the strategy is successful in deciphering everyone’s various roles and responsibilities in a collaborative cyberspace, then he said the United States will have “at best, a defensible enterprise, not a secure enterprise – it won’t defend itself.”
Inglis also stressed that while the strategy is focused on cybersecurity, “it will make the declaration that the only reason we care about cyber is the functions that ride on top of it.”
“At the end of the day, it will address market forces, it will address the international domain, it will address how do we actually get critical infrastructure into the right place, and it will address the three dimensions of cyberspace – not just technology, but roles and responsibilities in the people piece as well,” Inglis said.
“People are at the center, the core of cyberspace. That’s why we have cyberspace, that’s why we care about cyberspace,” he emphasized. “So, all of those things will be in that package and hopefully in a way that it’s readable.”
As for when to expect release of the strategy, Inglis said that depends on the politics of Washington, D.C.
“It’ll probably come out in the next month or two or three, kind of given the processes that exist in Washington,” Inglis said. “Having said that, it will be in the context of the National Security Strategy. It will be the work of the collective whole of everyone we’ve engaged and hopefully, it will mobilize our efforts so that we can achieve in and through cyberspace those things that we depend upon it to deliver for us.”