Fact Sheet: Biden-⁠Harris Administration Releases Version 2 of the National Cybersecurity Strategy Implementation Plan

May 7, 2024

Read the full Implementation Plan here

Today, the Biden-Harris Administration released Version 2 of the National Cybersecurity Strategy Implementation Plan which outlines actions the Federal Government is taking to improve U.S. national cybersecurity posture.  This updated roadmap describes 100 high-impact Federal initiatives, each intended to substantively increase our collective digital security and systemic resilience.  These critical implementation actions are informed by the challenges and opportunities we face in cyberspace, as identified in the 2024 Report on the Cybersecurity Posture of the United States.

In March 2023, President Biden signed the National Cybersecurity Strategy and defined an affirmative, values-driven vision for a secure cyberspace that creates opportunities to achieve our collective aspirations.  The first National Cybersecurity Strategy Implementation Plan (NCSIP), published in July 2023, presented the initial outline of government actions to accomplish the 27 strategic objectives described in the Strategy.  This second NCSIP includes 31 new initiatives and sees six agencies leading initiatives for the first time.  It builds upon the work from NCSIP Version 1.  33 of 36 initiatives (92%) in the first NCSIP with a completion date on or before the second quarter of fiscal year 2024 have been completed.  The remaining three initiatives remain in progress.

This next phase of the NCSIP follows the progress to date and displays the Administration’s commitment to transparency and accountability as the National Cybersecurity Strategy is implemented.  

Since day one, the Biden-Harris Administration has been clear in its vision for shared cybersecurity.  The National Security Strategy, Bipartisan Infrastructure Law, CHIPS and Science Act, Inflation Reduction Act, and other major Administration initiatives are moving the Nation toward a more equitable economy, a safe, secure, and trustworthy artificial intelligence ecosystem, a more cyber secure space systems ecosystem, a more competitive cyber workforce, and a stronger democracy.  New initiatives are included under each of the five pillars outlined in the President’s National Cybersecurity Strategy.  Highlights of the new initiatives include:

Pillar 1 | DEFEND CRITICAL INFRASTRUCTURE

Boosting the security and resilience of critical infrastructure and essential services through the following actions.

• The Cybersecurity and Infrastructure Security Agency and Federal agencies who serve as Sector Risk Management Agencies, are better enabling public-private collaboration with critical infrastructure owners and operators across the United States at scale.  This includes work to increase cybersecurity in the:
  • Healthcare and Public Health Sector by strengthening cyber resilience for hospitals and communities and through identifying Healthcare and Public Health Sector-specific Cybersecurity Performance Goals ultimately increasing patient safety;
  • Education Facilities Sub-sector by establishing an Education Facilities Sub-sector Government Coordinating Council to promote cybersecurity best practices with state, local, Tribal, and territorial entities across education facilities; and
  • Water and Wastewater Systems Sector by promoting the adoption of cybersecurity best practices across the sector to help utilities prevent, detect, respond to, and recover from cyber incidents.

Pillar 2 | DISRUPT AND DISMANTLE THREAT ACTORS

Leveraging all instruments of national power to make it harder for malicious actors to mount sustained cyber-enabled campaigns that would threaten the national security or public safety of the American people by:  

• Strengthening collaboration between Federal, state, local, Tribal and territorial law enforcement, private sector, and international partners to develop a whole-of-society approach and prevent, deter, and disrupt cybercrime and cyber-enabled crime committed by juvenile offenders, consistent with the recommendations from the Cyber Safety Review Board’s Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report.

Pillar 3 | SHAPE MARKET FORCES TO DRIVE SECURITY AND RESILIENCE

Shaping market forces to place responsibility on those entities best positioned to reduce risk and forging a more trustworthy digital ecosystem by:

• Building upon the National Security Council-led effort to announce a cybersecurity labeling program for smart devices to protect American consumers – the “U.S. Cyber Trust Mark.”  In March, the Federal Communications Commission finalized an order to create a voluntary cybersecurity labeling program for wireless consumer Internet of Things products.  This program will help consumers make more informed purchasing decisions, differentiate trustworthy products in the marketplace, and create incentives for manufacturers to meet higher cybersecurity standards.
• With funding from President Biden’s Bipartisan Infrastructure Law, mobilizing teams from National Laboratories to research and develop cybersecurity labeling for energy products.

Pillar 4 | INVEST IN A RESILIENT FUTURE

Leading the world in the securing resilient next-generation technologies and infrastructure through strategic investments and coordinated, collaborative action by:

• Implementing the National Cyber Workforce and Education Strategy.  The Office of the National Cyber Director (ONCD) is working across the Federal Government to build up the national cyber workforce, increase its diversity, promote skills-based hiring, and expand access to cyber education and training that will accelerate opportunities for Americans nationwide seeking good-paying, middle-class jobs in cyber.

Pillar 5 | FORGE INTERNATIONAL PARTNERSHIPS TO PURSUE SHARED GOALS

Creating a world with shared commitments to international standards that promote security and working with partners to improve supply chain resilience:

• Catalyzing the development of open and interoperable, standards-based networks through the National Telecommunications and Information Administration’s investments of over $140 million from the $1.5 billion Public Wireless Supply Chain Innovation Fund.  These investments will help drive competition, strengthen global supply chain resiliency and lower costs for consumers and network operators.

The NCSIP is a living document that will be updated annually.  It is published to define a path for cybersecurity coordination and promote transparency.  ONCD will continue to coordinate implementation of the President’s National Cybersecurity Strategy, and partner with the Office of Management and Budget to ensure funding proposals in the President’s Budget Request are aligned with NCSIP initiatives through issuance of an annual Administration Cybersecurity Priorities memorandum. 

Read our Cybersecurity Posture Report here