The Strategy is not self-executing, however. Instead, it
provides high-level principles that the Office of the National
Cyber Director will have the responsibility of implementing, and
also envisions efforts by regulators and Congress to accomplish its
objectives.2 As a result, federal contractors and
software vendors, among others, will want to pay close attention to
the steps that follow, whether they include establishment of new
regulatory standards, updated enforcement priorities, federal
spending and grants, or enactment of new legislation. For example,
the federal government will ramp up efforts to invest in secure
software, secure critical infrastructure, and modernize its IT
systems, and continue its efforts to disrupt cybercrime using law
enforcement tools and sanctions. In the private sector, tech
industry stakeholders and companies in critical infrastructure
sectors will want to engage with the federal government and
regulators about how best to implement the Strategy, including the
administration’s renewed efforts to penalize entities that, in
its view, fail to adequately protect data.
A. The Strategy
The Strategy outlines five “pillars” to…
