White House publishes national policy document including plans to update surveillance laws 

Credit: Peter Foley/DPA/PA Images

A pledge to “stand up to” malicious actors in cyberspace is a key strand of the new National Cyber Strategy of the US.

The strategy, published this week by president Donald Trump (pictured above), is built around four key overarching goals: “to protect the American people, the homeland, and the American way of life; to promote American prosperity; to preserve peace through strength; [and] to advance American influence”.

The first of these aims will be achieved, the strategy said, by better securing government networks and information, combatting cybercrime, and protecting national infrastructure.

To help secure data, networks, and other public technology assets, the White House will “centralise some authorities within the federal government, enable greater cross-agency visibility, improve management of our federal supply chain, and strengthen the security of United States government contractor systems”. 

“All instruments of national power are available to prevent, respond to, and deter malicious cyber activity against the United States.”
National Cyber Strategy of the US

The process of centralising powers will see the Department of Homeland Security (DHS) being given “access to agency information systems” of other departments – with the exception of the Department of Defense and the intelligence services. DHS will also be empowered to “take and direct action to safeguard systems” across government.

To help protect national infrastructure, the government will work more closely with private sector specialists, the strategy said.

“The United States government will strengthen efforts to share information with ICT providers to enable them to respond to and remediate known malicious cyber activity at the network level,” it added.

The White House will also work to change surveillance and cybercrime laws to give investigators more powers.

The strategy said: “The administration will work with the Congress to update electronic surveillance and computer crime statutes to enhance law enforcement’s capabilities to lawfully gather necessary evidence of criminal activity, disrupt criminal infrastructure through civil injunctions, and impose appropriate consequences upon malicious cyber actors.”

To help “promote American prosperity”, the Trump administration hopes to boost the digital economy by investing in modern infrastructure, and promoting “the free flow of data across borders”.  

The president will also strive to support US companies creating “cutting-edge technologies”, as well as fostering a skilled cybersecurity workforce through government-backed resources such as the National Initiative for Cybersecurity Education.

‘Swift and transparent consequences’
The Trump administration’s work to “preserve peace through strength” will be divided into two streams, the first of which is to encourage global adherence to “international law and voluntary non-binding norms of responsible state behaviour in cyberspace”.

The second strand will be to “attribute and deter” cyberattacks and online crime. This will involve better sharing of intelligence across government agencies and with overseas partners. It will also entail the US working with other nations to impose “swift and transparent consequences” for those who perpetrate malicious cyber activity.

“All instruments of national power are available to prevent, respond to, and deter malicious cyber activity against the United States,” the strategy said. “This includes diplomatic, information, military – both kinetic and cyber – financial, intelligence, public attribution, and law-enforcement capabilities.”

Related content

• US Cyber Command outlines policy of ‘defending forward’
• NSA: ‘We have not responded to a zero-day in two years – our adversaries are hitting known vulnerabilities’
• UK and US authorities unite to ‘hold Russia to account’ for sustained cyber offensive

It added: “The United States will formalise and make routine how we work with like-minded partners to attribute and deter malicious cyber activities with integrated strategies that impose swift, costly, and transparent consequences when malicious actors harm the United States or our partners.”

To support its work with other countries, the US will launch a Cyber Deterrence Initiative, the aim of which will be to identify a “coalition of like-minded states”. Countries taking part in the initiative will then work together to “develop tailored strategies” for responding to cyber adversaries.

The final pillar of the president’s strategy is to “advance American influence”. This can be achieved, the strategy said, if the White House works with industry, academia, civil society, and other governments to “promote an open, interoperable, reliable, and secure internet”.  Alongside this, the US will also work to boost the cyber capabilities of its allies.

“The administration will work with the Congress to update electronic surveillance and computer crime statutes to enhance law enforcement’s capabilities to lawfully gather necessary evidence.”
National Cyber Strategy of the US

In the strategy’s foreword, president Trump wrote that “ensuring the security of cyberspace” is fundamental to both the national security and economic prosperity of the US. He added that the publication of the strategy is the culmination of 18 months of action undertaken by the White House.

“My administration has taken action to address cyberthreats,” Trump said. “We have sanctioned malign cyber actors. We have indicted those that committed cybercrimes. We have publicly attributed malicious activity to the adversaries responsible and released details about the tools they employed. We have required departments and agencies to remove software vulnerable to various security risks. We have taken action to hold department and agency heads accountable for managing cybersecurity risks to the systems they control, while empowering them to provide adequate security.”

He added: “The National Cyber Strategy demonstrates my commitment to strengthening America’s cybersecurity capabilities and securing America from cyber threats. It is a call to action for all Americans and our great companies to take the necessary steps to enhance our national cybersecurity.”