National cyber director discusses National Cybersecurity Strategy Implementation Plan at McCrary Institute event

Transparent, accountable and evolving. That’s how White House National Cyber Director Harry Coker Jr. described the National Cybersecurity Strategy Implementation Plan at a special forum Wednesday in Washington, D.C., hosted by Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security.

Moderated by McCrary Institute Director Frank Cilluffo and McCrary Institute Senior Fellow Katherine Gronberg, Coker was joined in the live and online event by Nick Leiserson, White House assistant national cyber director for cyber policy and programs, Cheri Pascoe, director of the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology and Valerie Cofield, chief strategy officer of the Cybersecurity and Infrastructure Security Agency.

“It was a privilege to host Director Coker as he provided vital updates on our nation's cybersecurity readiness through the lens of the National Cyber Security Implementation Plan,” Cilluffo said. “While progress has been made, Director Coker underscored areas where we must continue improving our cyber defenses and resilience. The implementation plan charts a clear path forward, guiding our collective efforts to enhance America's cybersecurity posture and safeguard our digital future.”

Originally drafted in July 2023 and recently updated, the National Cybersecurity Strategy Implementation Plan outlines a bold, affirmative vision for cyberspace to secure the full benefits of a safe and secure digital ecosystem for all Americans.

“This is our nation’s strategy. This is our nation’s document,” said Coker, who pointed out a newly-released posture report evaluates and assesses the country’s cyber readiness. “Aspiring just to manage the worst effects of cyber incidents is insufficient. Therefore, our work must continue to evolve to meet the changing and challenging landscape.

“As with many projects that are partnership-driven, our path must be clear. Thanks to the second version of our implementation plan, we have collectively renewed our commitment to building a defensible, resilient and values-aligned digital ecosystem,” he added.

Coker said the cyber threats the U.S. faces remain daunting, and its defenses are not impregnable. He added that multiple federal agencies are quickly forging defense postures. The Environmental Protection Agency has a plan to increase technical assistance to public water systems, the U.S. Department of Agriculture will use its existing rural water circuit rider program to bolster cybersecurity contributions for select utilities and the U.S. Department of Health and Human Services will invest more than $50 million in hospital cybersecurity upgrades.

Additionally, Leiserson referenced the new U.S. Cyber Trust Mark Initiative, where U.S. consumers will gain added protection to select smart devices via designated Cyber Trust labels. The goal of the program, expected to roll out by the 2024 holiday shopping season, is to provide tools for consumers to make informed decisions about the relative security of products they choose to bring into their homes.

Though cyber threats are recognized across the board — from the supply chain to healthcare to digital currency to critical infrastructure (water, utilities, etc.)  — Coker specifically pointed to recent reports that Chinese state-sponsored cyber criminals are positioned to cripple specific U.S. targets via the hacking campaign Volt Typhoon.

“I’ve been concerned about the awareness of the American public to the magnitude of the threat and the potential damage that it can cause to our everyday way of life,” he said. “It was powerful when the FBI director (Christopher Wray) talked about the takedown of that Chinese obfuscation network that again placed our critical infrastructure at an unacceptable risk. We need to not just focus on a [potential] conflict stage, but we need to be planning and prepared in the competition phase, which is where we are.

“Cybersecurity is not going to back off in terms of our nation’s needs. This is a threat vector that state and non-state malicious actors will continue to pursue. Americans need to be always ready,” he added.