The plan, which is designed to guide the government’s completion of the national cybersecurity strategy, comes four months after the policy blueprint was unveiled.
“If the strategy represents the president’s vision for the future, then this implementation plan is the roadmap to get there,” Kemba Walden, acting national cyber director, said Wednesday during a press briefing.
“Fundamentally, we are publishing this plan because we will only achieve our goals with a whole of society approach,” Walden said.
The White House hopes the implementation plan will help organizations and individuals understand where they can collaborate with the federal government to achieve the national cybersecurity strategy goals, Walden said.
The 57-page document divides the five pillars and 27 objectives of the national cybersecurity plan into a broader series of initiatives.
While the implementation plan calls for the majority of initiatives to be completed before the end of fiscal year 2024, 11 are slated to be done in FY23, which closes at the end of September.
More than half of the 69 initiatives are slated for completion in the U.S. government’s FY24. Another 20 are scheduled for FY25 and two in FY26.
A core tenet of the national cybersecurity strategy calls for the technology sector to assume greater responsibility for security on software, hardware and platforms. Buoying that is an effort to scale public-private collaboration to drive the development and adoption of secure-by-design and secure-by-default technology, which is slated for completion next year.
Cyber authorities have consistently encouraged technology vendors to build products in a way that prevents the need for customers to constantly perform monitoring, routine updates and damage control on their systems to mitigate cyber intrusions.
Meaningful change requires technology manufacturers and vendors to revamp design and development programs, and place a much greater priority on security.
A single responsible agency will lead each of the 69 initiatives, with 18 different agencies leading at least one initiative. The initiatives also designate contributing agencies and a timeline for completion.
The implementation plan will be updated annually and initiatives will be added to meet evolving demands and removed after completion.
“The implementation plan does not capture all of the cybersecurity activities in the federal government nor does it intend to do,” Walden said. “What it does do is capture key initiatives that we must get done in the near term on the path to achieving the president's vision.”