To print this article, all you need is to be registered or login on Mondaq.com.
On March 2, 2023, the Biden-Harris Administration released the
National Cybersecurity Strategy.1
The highly anticipated Strategy has illuminated that a more overt
and aggressive approach to mitigating cyber risks may be necessary
to drive real change, leading to the anticipation of increased
communication and partnerships between private companies and
government agencies.2 The new Strategy sets a strategic
objective of “enhancing public-private operational
collaboration to disrupt adversaries,” including sharing
insights between private organizations and government agencies, and
the push for private companies to come together and organize their
efforts through nonprofit organizations.3
The Strategy highlights the government’s commitment to
investing in cybersecurity research and new technologies to protect
the nation’s security and improve critical infrastructure
defenses. It outlines five pillars of action, each of which
implicates critical infrastructure entities, from strengthening
their cybersecurity processes, to receiving support from the
federal government.4 It also makes evident the
Administration’s desire to shift the burden of cybersecurity
(and its associated costs and liability) from individuals, small
businesses, and local government to the entities with the greatest
expertise and resources, e.g., large owners and operators
of critical infrastructure, vendors and software
Companies evaluating their alignment with the Strategy may also
consider their law enforcement and government agency relationships.
These include: i) assessing how the Strategy impacts interactions
between victim companies and their counsel with the Federal Bureau
of Investigation (FBI) and the Cybersecurity and Infrastructure
Security Agency (CISA) when they are seeking assistance with
cybersecurity challenges, and ii) the new expectation of agency
involvement in the private sector when it comes to
“Private companies and their legal counsel can take several
steps now to ensure they create a positive relationship with
agencies ahead of new regulation expected to follow the National
Cybersecurity Strategy,” says Brian Hale, a former FBI
Assistant Director of the Office of Public Affairs, and current
Managing Director in FTI Consulting’s Cybersecurity practice,
and who is experienced in helping companies with cybersecurity
challenges from both a government and private sector perspective.
Some of these actions include:
- Form Connections. Be familiar with the lead
cybersecurity FBI agent(s) in the local FBI Office – find a
local field office here – before an incident occurs and
develop a relationship.
- Attend Outreach Events. Agencies like the FBI
and CISA often host outreach events to meet with companies and
counsel in their area or participate as panelist and presenters at
- Keep Track of Announcements. Stay up to date
with the latest messaging released from the FBI, CISA, and other
agencies regarding cybersecurity best practices and regulations.
This also includes remaining current on any potential threats and
new requirements announced that can help prepare organizations for
- Leverage Industry Groups, such as InfraGard.
This nonprofit is a partnership between the FBI and the U.S.
private sector, created to protect critical infrastructure and with
a common goal of “advancing national
security.”7 Learn more here.
Through plans to increase defense of critical infrastructure and
partner on sector-specific cybersecurity requirements, the National
Cybersecurity Strategy emphasizes that relationships and
communication between the public and private sectors remains
paramount in achieving the common goal of minimizing cybersecurity
risk. Plans to shift more responsibility for cybersecurity onto the
best-positioned organizations to handle this risk, like government
agencies, will result in better protection from threat actors for
individuals and small businesses, but will only be successful if
proper streams of information and trust between the public and
private sectors are established.
Furthermore, the Strategy encourages the forging of
international partnerships to pursue shared goals. This includes
building coalitions to counter threats to the digital ecosystem,
strengthening international partner capacity, expanding U.S.
ability to assist allies and partners, building coalitions to
reinforce global norms of responsible state behavior, and securing
global supply chains for information, communications, and operation
technology products and services.
Whether an organization is in the public or private sector, its
cybersecurity program will undoubtedly be impacted by the National
For a more detailed summary and analysis of the National
Cybersecurity Strategy, Crowell examines the Strategy in a March 2023 client alert.8
1. “National Cybersecurity Strategy,” The White
House (March 2023), https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf.
6. “Community Relations,” Federal Bureau of
Investigation (March 2023), https://www.fbi.gov/how-we-can-help-you/outreach.
7. “Welcome to InfraGard,” InfraGard (March
8. “Biden Administration Releases Comprehensive
National Cybersecurity Strategy,” Crowell & Moring (March
6, 2023), https://www.crowell.com/en/insights/client-alerts/biden-administration-releases-comprehensive-national-cybersecurity-strategy.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Technology from United States