White House pledges to dismantle threat actor groups as it reveals a new National Cyber Strategy

When you head into a significant White House announcement like today’s live stream featuring Acting National Cyber Director Kemba Walden and Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, you never quite know what to expect.

Today’s live stream contained many vital announcements and updates. Much of what we heard today was expected and is the culmination of hard work to outline a strategy for years to come.

The briefing made clear that the Biden-Harris administration is stepping up enforcement to protect the nation’s infrastructure better too. One of the day's highlights was the focus on forging an International coalition.

The administration highlighted over 30 foreign governments and allies, including the European Union.

Citing the widespread introduction of artificial intelligence systems - which can sometimes be utilized in ways unexpected to its creators by threat actors - the White House acknowledged that the cyber threat environment continues to shift rapidly, putting our technological systems at a higher risk by the minute.

Today's burden of defending computer systems and supply chain infrastructure rests mainly with end users. The White House pledged to accelerate operational collaboration to share information better and coordinate defensive efforts.

The goal is that a more collaborative effort featuring a partnership between the Cybersecurity and Infrastructure Security Agency (CISA), Sector Risk Management Agencies (SRMAs), and the private sector will help strengthen cyber defenses.

The 39-page document that was released today exhaustively outlines the roles and responsibilities of various government agencies, but the bolder initiatives will, of course, rely on passing a legislative agenda - something that could be difficult in the partisan environment we have in 2023. Perhaps anticipating the partisan question, it was mentioned several times that “cybersecurity is largely a bi-partisan topic in congress,” so there should be broad support for any new legislation.

We did see some very strong language around disrupting and dismantling threat actor infrastructure: the United States will use all instruments of national power to disrupt and dismantle threat actors whose actions threaten our interests. These instruments include diplomatic, financial, intelligence, law enforcement, and kinetic and cyber-based military capabilities. I hope that among these tools, we will find aggressive techniques to burn threat actor infrastructure, sinkholing (capturing and blocking malicious traffic) in partnership with ISPs and cloud providers, and rooting out and sanctioning bulletproof hosting providers.

Another overarching theme of today’s presentation was to roll out all the tools available to the United States government should it seek to sanction foreign nations and entities. The countries that were continually called out as creating a cyber threat to the United States were China, Russia, Iran, and North Korea.

The National Cybersecurity Strategy briefing called on strong collaboration between public and private sectors, recognizing that the private sector has a deep and up-to-date knowledge of cyber adversary activity that often surpasses the government's. The  2021 takedown of the Emotet botnet (a botnet that originated in Eastern Europe and evolved into a malware downloader) was highlighted as an example of what’s possible when there is a collaboration between Federal agencies, international allies, and private industry. Additionally, companies such as Cybersixgill can contribute to this strong partnership by continuing to identify threat actor intentions as they move across platforms to plan, play, and profit.

What’s next?

As was recognized during the live stream, writing the strategy is the easy part of this matter. Now comes the task of implementing higher cybersecurity standards and shifting vendors away from “first to market” thinking and toward “most secure on the market” thinking.

Cybersixgill automatically aggregates data leaks and alerts customers in real time.