White House Cybersecurity Plan Calls on Private Sector to Partner on US Operations

“We will act swiftly, deliberately, and proactively to disable cyber threats to America,” the strategy document says. “We will not confine our responses to the ‘cyber’ realm. We will undertake an unprecedented effort, operating in a coordinated and sustained fashion across the U.S. government.”

At seven pages the document is far-shorter and lighter on details than previous administrations’ cyber strategy plans, which in some cases have run to more than 40 pages. It also includes, for the first time, a call for private companies to take an active role in U.S. cybersecurity and policy prescriptions.

“We will partner closely with industry and academia, at the speed and scale commensurate with the threats we face, and in accordance with our values,” the document states. “We will leverage the immense talents and ingenuity of our private sector research base. We will establish a new level of relationship between the public and private sectors to defend America in peace and war.”

How, exactly, the administration envisions private companies being involved is not made clear in the document. “We will unleash the private sector by creating incentives to identify and disrupt adversary networks and scale our national capabilities,” is about as close it comes. “We must detect, confront, and defeat cyber adversaries before they breach our networks and systems.”

We’d love to be your preferred source for news.

Please add us to your preferred sources list so our news, data and interviews show up in your feed. Thanks!

Add as Preferred Source

President Trump is expected to sign an executive order at some point outlining the role the administration wants companies to play in offensive cyber operations. Friday’s release was accompanies by a separate executive order focused on combating “cyber-enabled fraud and extortion.”

Read more: Key Cybersecurity Measures Again Hang in Balance Amid Partial Government Shutdown

Reactions from the private sector to the plan’s call for companies to get involved in carrying out the administration’s strategy were mixed. “President Trump’s cybersecurity strategy is a significant shift — one that empowers the private sector to partner with the administration to defend American systems and deliver a robust, collective response to nation-state hackers,” Trellix Chief Public Policy Officer Tom Gann said in a statement provided to NextGov/FCW. “[T]his is a holistic approach to a growing threat, and the private sector is ready to be a meaningful partner in that effort.”

Others were more skeptical. The strategy “doesn’t rule out the possibility of industry hacking back or engaging in offensive operations,” Lauryn Williams, a cybersecurity expert at the Center for Strategic and International Studies told the New York Times, noting it is currently illegal for companies to conduct offensive campaigns online.

Some military experts also raised concerns with involving the private sector in offensive operations. “We just need to be careful,” Mark Montgomery, a retired rear admiral and the senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies told the Times. “It doesn’t mean the private sector can’t be involved in responding.” But if it does take on a role in the United States’ cyberwarfare, he added, it would need direct military oversight.

In another break with precedent, the document points to the specific role cyber capabilities played in U.S. military operations, including the recent capture of Venezuelan president Nicolás Maduro.

“Adversaries are on notice that America’s cyber operators and tools are the best in the world,” the strategy says, “and can be swiftly and effectively deployed to defend America’s interests.”