Light Dark
June 3, 2024 By Josh Nadeau 3 min read
News

In March 2023, the U.S. administration released the first National Cybersecurity Strategy Implementation Plan (NCSIP). This was presented as a government action plan consisting of 27 strategic objectives prioritizing critical initiatives to protect national security from ongoing cyber threats.

Recently, 31 initiatives have been added to this plan, and a number of federal agencies have been identified to lead these efforts moving forward.

Goals of the National Cybersecurity Strategy Implementation Plan

The NCSIP outlines several critical implementation actions to improve the U.S. national cybersecurity posture. This effort involves collaboration with various industries and supporting agencies to regulate and enforce new standards in cybersecurity best practices while supporting the development of safer technologies.

The five core pillars established by the NCSIP focus on the following areas:

  1. Defending critical infrastructure by establishing standardized frameworks.
  2. Disrupting threat actors by working with interagency partners and proposing legislation to govern cloud providers.
  3. Encouraging safer software development practices by exploring software liability frameworks.
  4. Adopting network security best practices and promoting memory-safe programming languages.
  5. Expanding international partnerships to establish more flexible foreign assistance mechanisms.

What does the new version of the plan do?

The latest version of the plan, released on May 7, 2024, introduces 31 additional initiatives that have been included and grouped within the five core pillars.

Below are some of the most recent additions:

Initiatives for improving the resilience of critical infrastructure

New initiatives have been added that address actions designed to promote better cybersecurity practices in a range of sectors, including healthcare and water and wastewater services.

In the healthcare sector, the White House will work with the National Institute of Standards and Technology (NIST) to create a Department of Health and Human Services (HHS)-wide strategy to enforce greater accountability in this area.

In the water and wastewater services sector, the U.S. Department of Agriculture will work with the Environmental Protection Agency (EPA) to promote cybersecurity technical assistance, education and training.

Leveraging more collaborations to help avoid large-scale cyberattack campaigns

The second pillar of the NCSIP, focused on “disrupting and dismantling threat actors,” has seen several new additions regarding collaboration to reduce the impact and likelihood of larger cyberattack campaigns.

Implementation timeframes have now been specified for the initial 2023 Department of Defense (DoD) Cyber Strategy that was put in place last year, as well as a renewed focus on collaborating with private-sector entities to improve the speed and utility of cybersecurity efforts.

Ensuring the production of safer digital products

Another part of the NCSIP is designed to put more responsibility on influential digital brands to create more secure products. The plan’s latest version adds a new initiative for the State Department to work with the Joint Ransomware Task Force, the Department of Justice and other U.S. interagency partners to deny ransomware attackers safe havens in foreign countries.

There are also plans to update the National Privacy Research Strategy in collaboration with the Office of Science and Technology Policy (OSTP) to protect the data privacy of individuals when personal data is stored and accessed for large-scale data analytics.

Implementation of the National Cyber Workforce and Education Strategy

A key pillar of the NCSIP is securing next-generation technologies and infrastructure by making smarter investments in cybersecurity training and support.

The new plan introduces the National Cyber Workforce and Education Strategy and calls for reporting on its progress over the next year. This strategy is designed to help develop a playbook to improve cybersecurity workforces and make it easier for workers to enter the field.

Many other initiatives have been added to this latest version of the NCSIP. While deadlines for each initiative vary, most have deadlines stretching through fiscal year 2025, with some initiatives planned for execution by the end of this year.

How will these new initiatives impact the private sector?

The NCSIP is designed to be a dynamic plan with expectations that it should be updated yearly. Version 2 of this plan represents the first annual update and shouldn’t surprise organizations.

Private sector organizations should expect increased collaboration efforts with government agencies as these new initiatives roll out and should keep themselves updated as the deadlines for critical objectives approach.

While many of the new initiatives impact specific industries, there may also be sector-wide impacts that will require all private sector organizations to quickly adapt to the new standards being put in place, with guidance from supporting agencies and industry experts.

 |  |  |  | 
Josh Nadeau
Cybersecurity Writer

More from News
January 13, 2025

Insights from CISA’s red team findings and the evolution of EDR

3 min read - A recent CISA red team assessment of a United States critical infrastructure organization revealed systemic vulnerabilities in modern cybersecurity. Among the most pressing issues was a heavy reliance on endpoint detection and response (EDR) solutions, paired with a lack of network-level protections. These findings underscore a familiar challenge: Why do organizations place so much trust in EDR alone, and what must change to address its shortcomings? EDR’s double-edged sword A cornerstone of cyber resilience strategy, EDR solutions are prized for…

December 30, 2024

DHS: Guidance for AI in critical infrastructure

4 min read - At the end of 2024, we've reached a moment in artificial intelligence (AI) development where government involvement can help shape the trajectory of this extremely pervasive technology. In the most recent example, the Department of Homeland Security (DHS) has released what it calls a "first-of-its-kind" framework designed to ensure the safe and secure deployment of AI across critical infrastructure sectors. The framework could be the catalyst for what could become a comprehensive set of regulatory measures, as it brings into…

December 26, 2024

Apple Intelligence raises stakes in privacy and security

3 min read - Apple’s latest innovation, Apple Intelligence, is redefining what’s possible in consumer technology. Integrated into iOS 18.1, iPadOS 18.1 and macOS Sequoia 15.1, this milestone puts advanced artificial intelligence (AI) tools directly in the hands of millions. Beyond being a breakthrough for personal convenience, it represents an enormous economic opportunity. But the bold step into accessible AI comes with critical questions about security, privacy and the risks of real-time decision-making in users’ most private digital spaces. AI in every pocket Having…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature