back caretBlog

The 5 Pillars of the National Cybersecurity Strategy Implementation Plan

Earlier this month, the Biden-Harris Administration published its National Cybersecurity Strategy Implementation Plan (NCSIP). The whole-of-government plan is designed to achieve two primary objectives: encouraging more capable cyberspace actors to take on a greater responsibility for cybersecurity and incentivizing investments in long-term resilience. These goals are supported by five pillars:

  1. Defending Critical Infrastructure
  2. Disrupt and Dismantle Threat Actors
  3. Shape Market Forces to Drive Security and Resilience
  4. Invest in a Resilient Future
  5. Forge International Partnerships to Pursue Shared Goals

These pillars are supported by 27 strategic objectives, which can be broken down into individual initiatives designed to drive the success of each objective. The entirety of the NCSIP is too complex to distill in one blog post, so we’ll focus on the most important parts. You can read the full plan here.

Pillar 1: Defending Critical Infrastructure

Threat actors have been increasingly targeting critical infrastructure, and the Federal government has taken notice. The strategic objectives aligned with the first pillar of the NCSIP are intended to improve the defensive capabilities of critical infrastructure entities.

One key initiative is the plan to update the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) to version 2.0 by the first quarter of 2025. Drafting is underway, and NIST plans to release a draft for public comment in the near future. More information on progress and how to provide feedback can be found on the NIST website.

Further updates are also planned for federal incident response plans and processes. The Cybersecurity and Infrastructure Security Agency (CISA) is slated to issue the final Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) rule in the fourth quarter of 2025. The Department of Homeland Security (DHS) will also be working with Congress to codify the Cyber Safety Review Board (CSRB) and provide it with the authorities required to carry out reviews of significant incidents. Finally, the Office of the National Cybersecurity Director will begin developing tabletop exercises to practice whole-of-government response to cyber incidents.

Pillar 2: Disrupt and Dismantle Threat Actors

The Department of Defense (DOD) has been authorized for “defend forward” capabilities since publishing an updated Cyber Strategy in 2018. As part of the NCSIP, the DOD will be updating its Cyber Strategy once again. This update is slated for completion in the first quarter of 2024, and it will “focus on challenges posed by nation-states and other malicious actors whose capabilities or campaigns pose a strategic-level threat to the United States and its interests.”

Based on the other strategic objectives and initiatives aligned with this pillar, it seems likely the DOD will be authorized to conduct more extensive disruption and takedown campaigns. Alongside the DOD, the National Cyber Investigative Joint Task Force (NCIJTF), the Department of Justice (DOJ), US Cyber Command, National Security Agency, and other law enforcement and intelligence agencies will be working to increase the speed, scale, and efficiency of their own disruption campaigns against cybercriminals, nation-state adversaries, and the ransomware ecosystem at large.

Pillar 3: Shape Market Forces to Drive Security and Resilience

As one of the largest customers of cybersecurity products and services, the Federal government has enormous potential to shape the market through its procurement process. Several of the initiatives under this pillar are designed to do just that. Federal Acquisition Regulation (FAR) requirements under the Internet of Things Cybersecurity Improvement Act of 2020 and Executive Order 14028 (regarding zero trust implementations for federal agencies) will soon be implemented. Additionally, the DOJ will be increasing its enforcement of “knowing failures to comply with cybersecurity requirements in federal contracts and grants.”

Also falling under this pillar are efforts to incentivize better security through increased federal funding for cybersecurity research, the exploration of a software liability framework, and a possible Federal Cyber Insurance backstop.

Pillar 4: Invest in a Resilient Future

Efforts under this pillar are focused primarily on technical aspects of cybersecurity. There is a heavy emphasis on mitigating Border Gateway Protocol vulnerabilities, implementing DNS request encryption, and accelerating adoption of IPv6 and memory-safe programming languages. Also of note are plans to ensure digital infrastructure can support the government’s decarbonization goals.

Pillar 5: Forge International Partnerships to Pursue Shared Goals

The objectives aligned with this pillar are largely focused on increasing the capacity for collaboration between government agencies, law enforcement, and international partners and allies. A key part of this plan is to establish mechanisms to provide cyber assistance quickly to allies and partners with a lower level of cyber capability.

The Department of State will also be working alongside the National Telecommunications and Information Administration (NTIA) to promote the development of secure and trustworthy information and communication technology networks and services. To drive this development, the NTIA will begin administering the Public Wireless Supply Chain Innovation Fund, a 10-year, $1.5 billion dollar fund. The NTIA is expected to begin awarding funds this August.


There’s much more to the NCSIP than is practical to cover here, but the theme is clear. The Federal government will be greatly stepping up its involvement in cybersecurity through a variety of means. Federal contractors should expect increased regulation and scrutiny when working with the government. Security researchers can look forward to increased funding and support. And cybercriminals and other threat actors should anticipate greater disruption to their activities. 

ExtraHop Reveal(x) Live Activity Map

Stop Breaches 87% Faster

Investigate a live attack in the full product demo of ExtraHop Reveal(x), network detection and response, to see how it accelerates workflows.

Start Demo

Sign Up to Stay Informed