Ransomware and cyberattacks are making headlines daily. And with the U.S. and the rest of the world now dependent on data to keep things running, cybersecurity and data resiliency are more critical than ever. As a result, the Biden-Harris administration has announced a National Cybersecurity Strategy that intends to “secure the full benefits of a safe and secure digital ecosystem for all Americans.”
Rebalance and Realign Cyberspace Defenses and Incentives
The strategy calls for a fundamental shift in how the U.S. allocates cyberspace roles, responsibilities, and resources. It includes efforts to “rebalance the responsibility to defend cyberspace away from individuals, small businesses, and local governments and onto the organizations that are most capable and best-positioned to reduce risks for all of us.”
At the same time, the strategy states that the country “must realign incentives to favor long-term investments by striking a careful balance between defending ourselves against urgent threats today and simultaneously strategically planning for and investing in a resilient future.” The announcement goes on to say that “the strategy recognizes that government must use all tools of national power in a coordinated manner to protect our national security, public safety, and economic prosperity.”
Intentional, Coordinated, and Well-Resourced Approach to Cyber Defense
The announcement provides an overarching vision that addresses the complex threat environment in which we live and how we secure the promise of our digital future. The statement goes on to say that this vision will be realized as the U.S. and its allies and partners make our digital ecosystem:
- Defensible, where cyber defense is overwhelmingly easier, cheaper, and more effective
- Resilient, where cyber incidents and errors have little widespread or lasting impact
- Values-aligned, where our values shape and are reinforced by our digital world
Cybersecurity Strategy Built on Five Pillars
The Biden Administration’s approach to fulfilling this strategy is built on five pillars:
1. Defend Critical Infrastructure
This pillar is intended to give Americans confidence in the availability and resilience of our critical infrastructure. Its focus is expanding minimum cybersecurity requirements in critical sectors, enabling public-private collaboration at the speed and scale necessary to defend critical infrastructure and essential services, and protecting and modernizing federal networks and incidence response policies.
2. Disrupt and Dismantle Threat Actors
The administration will use “all instruments of national power” to prevent malicious cyber actors from threatening the U.S.'s national security or public safety. This pillar will be realized by strategically employing all tools of national power, engaging with the private sector, and addressing ransomware through a comprehensive federal approach in concert with international partners.
3. Shape Market Forces to Drive Security and Resilience
Referencing the global digital ecosystem, this pillar places cybersecurity responsibility on those best positioned to reduce risk. Today, those responsibilities typically fall on organizations and individuals. The focus is on promoting privacy and the security of personal data, shifting liability for software products to promote secure development practices, and ensuring federal grant programs encourage investments in new infrastructure that are secure and resilient.
4. Invest in a Resilient Future
This pillar's goal is innovation in developing secure and resilient next-generation technologies and infrastructure. That includes reducing systemic technical vulnerabilities and increasing resiliency, prioritizing R&D for next-generation technologies like post-quantum encryption, digital identity solutions, and clean energy infrastructure. It also focuses on developing a diverse and robust national cyber workforce.
5. Forge International Partnerships to Pursue Shared Goals
Cybercrime is a global problem, and many of today’s enterprises do business worldwide. That’s why this last pillar intends to leverage international coalitions and partnerships with other countries to work together on preparedness, response, and how costs are imposed. It includes increasing partners’ capabilities to defend against cyber threats and collaborating to make secure, reliable, and trustworthy global supply chains for information technology and operation technology products and services.
Increasing Data Resiliency in Your Business
While this new cybersecurity strategy is national, you can do your part today by strengthening your company’s resiliency. That starts with the lifeblood of your business—your data. When it stops flowing, your operation comes to a standstill.
Data resiliency starts with ensuring your disaster recovery plan is continuously updated and regularly tested. As with the national strategy, you must also invest in technologies that protect your data from ransomware and other cyberattacks.
A sound backup and disaster recovery strategy is one of the most crucial components of data resiliency. That starts with a 3-2-1-1 strategy, where you keep three copies of your data (one primary and two backups), with two copies stored locally on two formats (network-attached storage, tape, or local drive) and one copy stored offsite in the cloud or secure storage.
The last “1” stands for immutable storage. When your backups are saved in an immutable, write-once-read-many-times format, they can never be altered or deleted—even by admins. It’s your last line of defense against any data loss, whether the cause is ransomware, a cyberattack, or a natural disaster. And it delivers true data resiliency.
Experience and Expertise Matter
Arcserve technology partners bring IT expertise and experience that span businesses of every kind, large and small. They can help you ensure your organization is resilient and ready for anything. Find an Arcserve technology partner here. To learn more about Arcserve products, contact us.
You May Also Like
- Backup and Disaster Recovery Business Continuity Compliance Cybersecurity Data Protection Data Resilience RansomwareNovember 30th, 2023
- Backup and Disaster Recovery Business ContinuityNovember 28th, 2023
- Backup and Disaster RecoveryNovember 16th, 2023