The U.S. federal government’s National Cybersecurity Strategy charts a course toward a stronger, more secure and more resilient future.
The Office of the National Cyber Director (ONCD) has released its new National Cybersecurity Strategy (NCS), which provides strategic guidance for how the United States should protect its digital ecosystem against malicious criminal and nation-state actors. The new strategy marks a fundamental shift in how the U.S. allocates roles, responsibilities and resources in cyberspace — both as a defensive posture and as a long-term investment play.
Perhaps the most significant departure from previous practices is that the new strategy is focused on “cybersecurity” rather than “cyber strategy,” and therefore does not address influence operations or disinformation. (For reference, the U.S. government operates from a definition of “cybersecurity” communicated in 2008 under NSPD-54 and HSPD-23.)
The National Cybersecurity Strategy is built around five pillars:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships to Pursue Shared Goals
We’ll look at each of these pillars and summarize how SonicWall is positioned to support and align with the overall strategy.
Pillar One: Defend Critical Infrastructure
This pillar is interesting, as it addresses the need for an even playing field vis-à-vis regulation and aims to ensure a consistent, performance-based and data-based application of cybersecurity across all infrastructure.
According to the strategy, a minimum set of cybersecurity requirements should be set across critical infrastructure sectors, as well as non-regulated entities. These regulations should leverage existing cybersecurity frameworks, such as the NIST Framework for Improving Critical Infrastructure Cybersecurity and CISA’s Cybersecurity Performance Goals.
How SonicWall helps defend critical infrastructure:
SonicWall is in accord with pillar one and is currently working to align with and conform to NIST SSDF and NIST Zero Trust Architecture standards. Defending critical infrastructure requires a multi-layered approach that includes proactive measures such as risk assessments, vulnerability scanning, and regular security updates, as well as reactive measures such as incident response planning and disaster recovery strategies.
SonicWall provides several security solutions that align with this multi-layered approach, including (but not limited to) firewall protection, intrusion prevention, VPN security, advanced threat protection, endpoint detection and response, email security, and zero-trust network access, along with a centralized management platform.
SonicWall understands the various use cases, certification requirements and compliance thresholds that must be met, and we will continue to work with federal agencies and state-regulated entities to help support and defend critical infrastructure.
Pillar Two: Disrupt and Dismantle Threat Actors
The second pillar is straightforward and doesn’t stray too far from previous practices. Instead, it enhances these prior practices and clarifies what needs to be done at the federal level for cybersecurity optimization. This pillar’s strategic objective is to “counter cybercrime and defeat ransomware.”
How SonicWall helps disrupt and dismantle threat actors:
It’s worth noting that phishing has become the most frequently used ransomware attack vector in the last few years. SonicWall knows a thing or two about phishing, and is well suited to disrupt and mitigate this threat using Email Security. SonicWall Email Security protects against targeted phishing attacks by blocking ransomware and zero-day malware via attachment sandboxing, machine learning, and advanced analysis techniques like Domain-based Message Authentication, Reporting and Conformance (DMARC). We helped defend against 493.3 million ransomware attacks in 2022, and will continue to help defeat and disrupt ransomware (and ransomware-as-a-service, or RaaS) in 2023 and beyond.
Pillar Three: Shape Market Forces to Drive Security and Resilience
Pillar three takes direct aim at software providers that fail to take “reasonable precautions” to secure their software. “Too many vendors ignore best practices for secure development, ship products with insecure default configurations or known vulnerabilities, and integrate third-party software of unvetted or unknown provenance,” the report states.
It then calls for legislation to shift liability to software providers that are negligent in this capacity, both within the federal government’s software supply chain and in consumer IoT devices. The call for a liability shift is combined with support for a “safe harbor” that would shield from liability companies that securely develop and maintain software products and services.
How SonicWall helps shape market forces to drive security and resilience:
SonicWall’s commitment to transparency and vulnerability discovery is paramount. SonicWall publicly shares both product notifications and security advisories on its SonicWall domain and remains committed to full transparency as a leading cybersecurity software vendor.
As we mentioned previously, SonicWall is committed to aligning with the NIST SSDF. As part of this process, we’re implementing a Software Bill of Materials (SBOM), which will attest to our users and buyers what the state of vulnerability discovery is for our solutions.
SonicWall believes in a robust cybersecurity approach, and we help to achieve awareness throughout the industry and beyond with our annual Cyber Threat Report, which sources real-world data gathered by the SonicWall Capture Threat Network. Collected across more than a million security sensors in 215 countries and territories across the globe, the sum of this intelligence telemetry presents a guide to attackers’ rapidly evolving tactics.
Pillar Four: Invest in a Resilient Future
The last two pillars are more forward-looking. Investing in a resilient future includes hardening the backbone of the internet and prioritizing cybersecurity across all industries and locales.
How SonicWall helps invest in a resilient future:
With sixteen mentions of “CISA” throughout the document, it’s safe to assume that any regulation created will include some form of threat emulation testing to ensure optimal performance. These regulations can also be expected to be mapped to threat techniques, like those enumerated in the MITRE ATT&CK framework.
SonicWall’s Capture Client (our EDR solution) is powered by SentinelOne, which has been a participant in the MITRE ATT&CK Evaluations since 2018 and was a top performer in the 2022 Evaluations. SonicWall is fully invested in threat-informed capabilities, and will continue to invest in and utilize tactics and techniques based on empirical evidence. Continuous validation of our cybersecurity methodology and quick adaptation to new tactics and techniques is a core strategy for staying resilient.
Pillar Five: Forge International Partnerships to Pursue Shared Goals
Pillar five calls for greater cooperation and partnership surrounding shared cybersecurity goals. The strategy even promises that the U.S. Department of Defense and the intelligence community will work within their (legally established) roles to disrupt the activities of malicious perpetrators.
The strategy acknowledges that a successful defense of civilian infrastructure by the Defense Department will not be an easy feat and will require closer relationships for the best outcome. When looked at from a global point of view, this coordinated cybersecurity effort becomes even more complex. International coalitions and partnerships will be vital to ensure cybersecurity across global supply chains of products and services.
How SonicWall helps forge international partnerships and pursue shared goals:
As a global company, SonicWall recognizes the importance of international partnerships and aspires toward compliance with international regulations and standards such as GDPR, HIPAA, and PCI-DSS.
Moreover, SonicWall has several solutions geared toward collaboration and visibility. For example, SonicWall Capture Advanced Threat Protection (ATP) provides a cloud-based sandboxing solution that can analyze suspicious files and URLs to identify and stop cyberattacks.
By sharing threat intelligence and collaborating on threat mitigation strategies, SonicWall can work together with governments and the rest of the cybersecurity community to pursue shared cybersecurity goals across networks, endpoints, cloud environments and more. By monitoring and analyzing network traffic, organizations can identify potential security threats and take proactive measures to address them — and by compiling and sharing this data, SonicWall can help build trust with partners, customers and the wider intelligence community, helping create a safer future for all.