If we could use just two words to summarize the National Cybersecurity Strategy published by the White House on March 2, 2023, they would be “collective defense.” As IronNet has been focused on Transforming Cybersecurity Through Collective DefenseSM since our founding in 2014, we are naturally biased in our two-word summary of the strategy – however, we’re fully prepared to argue why it is the most succinct and accurate phrase to describe the U.S.’s future cybersecurity efforts and priorities.
IronNet has long contended that the cyber “safe zone” is shrinking every day and that creating resilience for critical infrastructure assets is priority one. The report states a goal to “operationalize an enduring and effective model of collaborative defense” so that the risks and responsibilities are more equitably distributed between the public and private sector. Managing cybersecurity in a silo is increasingly dangerous as the complexity of attacks escalate; the more vital the organization is to national security, public safety, and economic prosperity, the more important it is to collaborate efficiently to provide greater coverage against emerging and sophisticated threats.
Effective public-private partnerships that enable public defenders to come to the aid of the private sector at the speed and scale needed to limit inflicted damage has been an integral tenet of our platform. IronNet’s technology uniquely enables an anonymous exchange of threat information to facilitate, as noted in the White House report, “a more sustained and effective disruption of adversaries” through “greater collaboration by public and private sector partners.”
This pillar brings into focus the risks stemming from the proliferation of technology products designed without basic security features and functionality. The new national strategy highlights a need to “shift the consequences of poor cybersecurity away from the most vulnerable.” This concept of leveraging automation and the cybersecurity capabilities of the more mature and resource-rich organizations in support of those with a less sophisticated cyber posture – for the benefit of all – is a key benefit of the crowdsourced nature of our Collective Defense platform IronDome. Through this model, the cybersecurity community can move toward more equitable collaboration, where smaller companies alert larger organizations of emerging attacks, and large organizations with more resources provide context to the activity targeting both organizations.
The proposed strategy highlights intended investment to complement “efforts to out-innovate other countries with focused, coordinated action to optimize critical and emerging technologies for cybersecurity.” In the interim, we still have an urgent need to address the blind spots for organizations and provide protection as we bridge to a higher level of security-built technologies. Proactive action and threat intelligence is vital in this effort, as detecting attack infrastructure before it can be used against organizations enables a “left of boom” response so defenders can shift the advantage in their favor by stopping adversaries before they reach their endgame: exfil, disruption, or system control.
Building “coalitions” to “collaboratively disrupt transnational criminals and other malicious cyber actors” is an important component of the new national cybersecurity strategy. Cyber threats are not confined to physical or geographic borders. Multinational collaboration in both the public and private sectors to address cyber threats that have no respect for national borders – and to do so in a way that protects privacy – is another important ‘why’ behind the development of IronNet’s Collective Defense platform.
We laud the cyber leadership this March 2023 National Cybersecurity Strategy represents for the United States, and we support the efforts outlined in the report. The intended direction of the U.S.’s cybersecurity strategy closely aligns with IronNet’s value proposition, and we are proud to create solutions in the market that can help our nation (and allies) become more resilient to cyber-related risks.