National Cyber Strategy of the United States of America
Editor’s Note: The National Cyber Strategy (September 2018) is available here (pdf 1.4 MB) Below is a brief excerpt.
The Way Forward
New threats and a new era of strategic competition
demand a new cyber strategy that responds
to new realities, reduces vulnerabilities, deters
adversaries, and safeguards opportunities for
the American people to thrive. Securing cyberspace
is fundamental to our strategy and requires
technical advancements and administrative
efficiency across the Federal Government and
the private sector. The Administration also
recognizes that a purely technocratic approach
to cyberspace is insufficient to address the
nature of the new problems we confront. The
United States must also have policy choices
to impose costs if it hopes to deter malicious
cyber actors and prevent further escalation.
The Administration is already taking action to
aggressively address these threats and adjust to
new realities. The United States has sanctioned
malign cyber actors and indicted those that
have committed cybercrimes. We have publicly
attributed malicious activity to
the responsible adversaries and
released details of the tools and
infrastructure they employed.
We have required departments
and agencies to remove
software vulnerable to various
security risks. We have taken
action to hold department
and agency heads accountable for managing the
cybersecurity risks to systems they control, while
empowering them to provide adequate security.
The Administration’s approach to cyberspace is
anchored by enduring American values, such as
the belief in the power of individual liberty, free
expression, free markets, and privacy. We retain
our commitment to the promise of an open,
interoperable, reliable, and secure Internet to
strengthen and extend our values and protect and
ensure economic security for American workers
and companies. The future we desire will not
come without a renewed American commitment
to advance our interests across cyberspace.
The Administration recognizes that the United
States is engaged in a continuous competition
against strategic adversaries, rogue states, and
terrorist and criminal networks. Russia, China,
Iran, and North Korea all use cyberspace as a
means to challenge the United States, its allies,
and partners, often with a recklessness they would
never consider in other domains. These adversaries
use cyber tools to undermine our economy
and democracy, steal our intellectual property,
and sow discord in our democratic processes. We
are vulnerable to peacetime cyber attacks against
critical infrastructure, and the risk is growing
that these countries will conduct cyber attacks
against the United States during a crisis short
of war. These adversaries are continually developing
new and m ore effective cyber weapons.
This National Cyber Strategy outlines how we will
(1) defend the homeland by protecting networks,
systems, functions, and data; (2) promote
American prosperity by nurturing a secure,
thriving digital economy and fostering strong
domestic innovation; (3) preserve peace and
security by strengthening the United States’ ability
— in concert with allies and partners — to deter
and if necessary punish those who use cyber tools
for malicious purposes; and (4) expand American
influence a broad t o extend t he key tenets o f a n
open, interoperable, reliable, and secure Internet.
The Strategy’s success will be realized when
cybersecurity vulnerabilities are effectively
managed through identification and protection
of networks, systems, functions, and data as
well as detection of, resilience against, response
to, and recovery from incidents; destructive,
disruptive, or otherwise destabilizing malicious
cyber activities directed against United States
interests are reduced or prevented; activity that
is contrary to responsible behavior in cyberspace
is deterred through the imposition of costs
through cyber and non-cyber means; and the
United States is positioned to use cyber capabilities
to achieve national security objectives.
The articulation of the National Cyber Strategy
is organized according to the pillars of the
National Security Strategy. The National Security
Council staff will coordinate with departments,
agencies, and the Office of Management and
Budget (OMB) on an appropriate resource
plan to implement this Strategy. Departments
and agencies will execute their missions
informed by the following strategic guidance.