Looking at Biden’s cybersecurity policy from the release of the “Interim National Security Strategy Guide” by the United States

In March, the United States released the Biden administration’s “Interim National Security Strategy Guidelines” (hereinafter referred to as the Guidelines), which is the first policy guidance document issued by the new Biden administration for the United States to comprehensively respond to international and domestic situations. The guide outlines the Biden administration’s cyber strategy, which not only reflects U.S. foreign policy but also reflects the ideological, geopolitical, technological, and diplomatic pillars of the national security vision. The SolarWinds and Microsoft hacking incidents have brought a huge impact on U.S. cybersecurity, exposing the deficiencies in U.S. cybersecurity defenses, and it has also become a top priority after Biden took office. The Guide makes clear: “Cybersecurity will be a top priority, strengthening our capabilities, preparedness and resilience in cyberspace. Cybersecurity will be elevated to a government priority. Joint efforts will be made to manage and share risks, and efforts will be made to encourage Collaboration between the private sector and all levels of government to create a safe and secure online environment for all Americans.”

I. Main Contents of the Interim National Security Strategy Guide

(1) The global security landscape is quietly changing, and the United States is under unprecedented threat

The “Guide” emphasizes that the distribution of power in the world is changing, and the United States is under geopolitical threats from countries such as Russia, which is determined to increase its global influence and play a subversive role on the world stage. Changes in the distribution of power have increased the level of cybersecurity threats from China and Russia. In response, the Biden administration plans to improve cyber defense capabilities, take action if necessary to disrupt adversaries and block their malicious behavior, and use diplomatic means to strengthen cooperation with allies on cyber security. U.S. cybersecurity policy has long emphasized strengthening cyber defenses, enhancing cyber deterrence, and regulating cyber behavior. The geopolitical impact of cyber threats from Russia, Iran and other countries has grown over time, but U.S. cybersecurity policy has failed to keep pace with the changing international distribution of power. For a Biden administration, the failure highlights the scale of cyber defenses, the risk of escalating iterations of cyber deterrence efforts, and the difficulty of setting cyber rules in a geopolitical contest.

(2) Optimizing international cooperation methods and strengthening partnership building

Biden is committed to reinvigorating U.S. diplomacy, repairing alliances, strengthening cyberspace partnerships, and furthering the U.S. leadership role in international organizations. This is also a distinctive feature of Biden’s cyber strategy. The Guide states that the United States should actively modernize the architecture of international cooperation to address a range of challenges, including cyber threats and digital hegemony. Work with the private sector, foreign allies, and partners to intercept and block cyber threats with a pre-defense approach, safeguard DoD systems and networks, and prevent leakage of sensitive information. Work closely with the private sector to establish mechanisms for information sharing between the public and private sectors to jointly improve the cybersecurity defense and resilience of critical infrastructure. The Guide states that the world is in the midst of a fundamental debate about the future direction. The United States will reshape its leadership in the field of international governance in cyberspace. The Biden administration will re-empower the U.S. diplomatic organization and strengthen communication and collaboration with international partners under more equal and mutually beneficial conditions. The United States will reshape its role in cyberspace. Leadership in International Governance.

(3) Cultivate network talents and enhance the core strength of network

The Guide proposes that the United States will invest in training and recruiting cyber talent to maintain a war-ready cyber workforce. Provide a benign development environment to promote the career development of network talents. Create management processes to manage military and civilian cyber talent, optimize personnel rotation across commands and combat agencies, and maximize the utilization of reserve forces. Meet DoD requirements through a combination of military, civilian, contract labor, and more. Strengthen the national cyber talent pool, collaborate with other federal departments and agencies to promote the development of education in cyberspace-related disciplines such as science, technology, engineering, and mathematics, and cooperate with industry and academia to establish standards and norms in training, education, etc., to promote The growth of U.S. cyber talent. With hardware and embedded software expertise as a core competency of the Department of Defense, the Department of Defense will create a career development environment for computer science-related professionals and attract relevant talents through job rotation, technical challenges, professional training, and compensation incentives.

2. The Biden administration’s cybersecurity policy measures

In just two months after Biden was elected president, the “Guide” has greatly improved the priority of network security, and regards network security as a highly professional and wide-ranging issue. The important issues facing Biden after taking office have become the focus of attention in the United States and even around the world. This is not surprising. As early as during the election campaign, Biden’s position on cybersecurity issues was more positive and high-profile than Trump’s, so when he came to power, he began to make arrangements in terms of personnel arrangements, institutional settings, and financial support.

(1) Form a high-level cybersecurity decision-making think tank and increase overall planning

In terms of personnel arrangement, the Biden administration’s approach is basically to “invite professional people to do professional things”, and actively plan to win over elites from all walks of life to build a high-level cybersecurity think tank for it. In January 2021, Rob Joyce, a special liaison officer for the NSA at the U.S. Embassy in London, was appointed to replace Nuanne Newberg as director of the NSA’s Cybersecurity Agency. Joyce previously served as senior adviser on cybersecurity strategy to the director of the NSA and as special assistant to the president and cybersecurity coordinator on the White House National Security Council. He also served as head of the NSA’s cyber operations organization, the Acquisition-Specific Intelligence Operations Office (TAO), and as deputy director of the NSA’s former Information Assurance Directorate. In February, Anne Neuberger, director of the NSA’s Cybersecurity Agency, was appointed as deputy national security adviser for cyber and emerging technologies. Newberg’s appointment is a signal that the Biden administration intends to prioritize cybersecurity on the National Security Council. Previously, she was the head and chief risk officer of the NSA’s Task Force on Countering the Russian Threat to U.S. Elections, previously known as the “Russia Team.” Claire was appointed in March. Martorana is the U.S. Chief Information Officer, with overall oversight of the White House’s efforts to upgrade the government’s technology infrastructure, Claire. Matolana, a veteran of the U.S. Digital Services Department, will be charged with strengthening the federal government’s cybersecurity, modernizing IT systems and making government websites more accessible to all citizens. In terms of mechanism setting, in January, the US State Department established a new Cyberspace Security and Emerging Technology Agency (CSET) to deal with cybersecurity and emerging technology threats. The new Cyberspace and Emerging Technologies Agency contributes to diplomacy in cybersecurity and technology, including preventing cyber conflicts with potentially hostile states. On February 4, the memorandum on updating the system of the National Security Council set cybersecurity and emerging technology issues as important topics of the National Security Council. In short, the above-mentioned institutional settings and personnel appointments show that the Biden administration is extremely concerned about cybersecurity issues.

(2) Communicate with allies and strengthen policy coordination

Strengthening U.S. alliances is one of Biden’s core policy propositions. Since his official inauguration, Biden’s policy has intensively carried out “telephone diplomacy.” The leaders of the European Union, NATO and many other allies and organizations have made phone calls. In Europe, Biden’s policy has reached an agreement with NATO, and a summit will be held in the first half of 2021 to discuss strengthening joint actions of member states. Biden said the advantage of NATO’s military capabilities must be maintained and expanded to jointly address emerging challenges such as cyber threats. On February 19, at both the G7 summit and the Munich Security Conference, Biden proposed to revive the alliance and defend Europe, believing that cyberspace, artificial intelligence and biotechnology are new areas of competition, and called for working with allies to formulate rules to guide technology. develop. In Asia, on March 12, Biden presided over the first summit-level summit since the establishment of the “four-nation mechanism” of the United States, Japan, India and Australia. The topics of the meeting not only covered traditional security areas such as military cooperation, epidemic prevention and control, and climate crisis, but also addressed key issues. Technology, supply chain security and other fields to expand. The summit decided to set up a working group on emerging technologies and maintain regular high-level meetings.

(3) Increase investment in network security in network infrastructure

On March 31, US President Biden announced his $2 trillion infrastructure investment proposal. The plan will spend 1 percent of U.S. GDP annually for eight years to upgrade infrastructure, revitalize manufacturing, invest in basic research and science, shore up supply chains and improve its infrastructure. In this huge infrastructure investment plan, at least three cybersecurity provisions are included. Part 1: Grid upgrades. The Biden proposal calls for $50 billion in “infrastructure resiliency,” which includes projects aimed at improving the power grid, city infrastructure, and community health and hospitals. Power systems have long been the target of many malicious hackers. Infrastructure plans can address this, so more cybersecurity designs are considered in the development of grid services. Part Two: Solving Supply Chain Issues. The SolarWinds supply chain hack affected 9 federal agencies and 100 private companies across the United States. In February 2021, Biden signed an executive order requiring a federal review of supply chain risks in semiconductors and a review of supply chain risks in the information and communications technology and pharmaceutical industries. The Biden administration has proposed spending billions of dollars on the supply chain to reduce risk and strengthen domestic manufacturing. For example, it plans to spend $50 billion to establish an office at the Commerce Department to monitor domestic industrial production capacity and fund investments to support the production of critical products. In addition, $50 billion is proposed to be invested in domestic semiconductor manufacturing and research. The third part: scientific research and development. The National Security Council believes that the United States is in danger of falling behind China and Russia in developing AI technology and responding to the cybersecurity threats that accompany AI. Recommending a rethinking of the government’s approach to artificial intelligence, it also called on Congress to authorize billions of dollars to fund the development of AI, machine learning and other technologies to help the U.S. better compete against security threats and protect critical technologies. Under a bipartisan proposal, Biden suggested that Congress invest $50 billion in the National Science Foundation (NSF) to focus on solutions including artificial intelligence, covering semiconductors and advanced computing, advanced communications technologies, advanced energy technologies and biotechnology technical issues in other fields. He also called on Congress to provide $30 billion in additional funding for research and development to spur innovation and job creation, including in rural areas. There are also plans to invest $40 billion to upgrade the research infrastructure of laboratories across the country, including physical facilities, computing capabilities and networks. The funds will be distributed to federal research and development agencies, including the Department of Energy. Provides $15 billion for many other R&D projects, including quantum computing research.

These are pragmatic measures to strengthen network capacity building and have substantial significance. Although capital investment and network capabilities cannot simply be equated, it will be very difficult to build network capabilities without sufficient capital investment. In fact, this is a major point that deserves continuous attention in the future, because the amount, distribution and effectiveness of actual capital investment are important factors that determine the capabilities of the US network, and are also one of the core elements that determine the success or failure and effectiveness of the Biden administration’s cybersecurity policy.

3. The dilemma facing the Biden administration’s cybersecurity policy

Between policy formulation and practice implementation, and between practice and effect, there is often a great distance and gap. Moreover, the United States currently faces problems such as lack of trust in the national environment, the form of domestic political party confrontation, and the imbalance in the allocation of funds invested in the field of cybersecurity. There is still a distance between ideals and reality, and these issues will also affect the implementation and effectiveness of the Biden administration’s cybersecurity policies.

(1) Lack of allies’ trust in the United States in the international environment

The Trump administration’s unilateralism and bullying have triggered a “crisis of confidence” among allies in US leadership and influence. In terms of cybersecurity cooperation, the most prominent performance is that in July 2020, the European Court of Justice overturned the data transfer agreement reached between the EU and the United States in 2016 – the “Privacy Shield Agreement”, and ruled that the agreement was invalid. The “Privacy Shield” established the operational framework for European and American Internet companies to transfer users’ personal data to each other. Now the European Court of Justice believes that the agreement is not sufficient to protect the security of European citizens. The incident reflects a growing trust deficit between the United States and its allies. It will be difficult for the Biden administration to regain the support of its allies and jointly lead the rules of the international network.

(2) The political environment of domestic political party confrontation and split public opinion

Although the Democratic Party won both the Senate and the House of Representatives, clearing certain obstacles for the Biden administration, the Biden administration still faces serious bipartisan divisions and splits of public opinion. Even cybersecurity issues with a high degree of consensus will be affected by political factors. influences. There are still major differences on issues such as the setting of major competitors, governance of tech giants, election security, and net neutrality bills. On the other hand, it is also facing pressure from the radicals within the Democratic Party. The “radical” forces within the Democratic Party pay more attention to the geopolitical impact of international economic policies, and are unwilling to return the United States to a line characterized by free trade, distracting its core policy proposition of reinvigorating American leadership abroad. Policy flexibility will also be limited.

(3) Unbalanced distribution of investment funds in the field of cybersecurity will affect policy effects

As mentioned earlier, the Biden administration will increase investment in cybersecurity. Examples include a $2 trillion infrastructure investment proposal in March and a $1.9 trillion rescue package unveiled in January that included funding for federal agencies to modernize information technology and upgrade cybersecurity. Whether it is the total amount of investment or the proportion of investment, the United States’ spending in the field of cybersecurity is far ahead of other countries. However, there is a serious imbalance in the allocation of funds, such as between military and civilian use, between defense and offense. Jason Healey, former White House director of cyber infrastructure protection, once wrote that the U.S. Department of Defense’s cybersecurity budget is significantly larger than the cybersecurity budget of all civilian departments combined, with Cyber ​​Command alone spending more than $10 a year. With only $400 million spent on cyber diplomacy at the State Department, all of the Cybersecurity and Infrastructure Security Agency (CISA) budget combined accounts for only half of what the Department of Defense spends on offensive cyber operations.

Scholars at the Council on Foreign Relations (CFR) believe that the SolarWinds incident clearly demonstrates that CISA and federal agencies will need more funding to develop the capabilities necessary to detect and deter adversaries; additional funding is urgently needed to expand coordination with the private sector , to fund research not supported by the market, and to enhance the security of critical infrastructure. So the Biden team also wants to secure more resources for CISA and give the agency a bigger role in cyber defense. Of course, under the premise of financial support, whether the execution funds are consistent with the budget funds, whether the allocation of various funds is reasonable, and the performance ratio of the use of funds are also basic factors that affect the effect of the policy.

4. Prospects of the Biden Administration’s Cybersecurity Policy Trends

Network security is an important part of the US government’s security policy planning. Compared with the Trump administration, the Biden administration’s overall policy on cybersecurity has not changed significantly, but its focus may be adjusted and some different measures will be adopted.

(1) The precise technology competition policy of “small courtyard with high walls” is already under consideration

The effectiveness of Trump’s sweeping technology decoupling policy has been widely questioned, and the industry generally believes that this sweeping approach harms American businesses and consumers. The pre-assessment of the precise technology decoupling policy is gradually being carried out, and relevant policies may already be in the pipeline.

At the end of 2020, the bipartisan China-US Science and Technology Relations Working Group in the US Congress released the report “New Strategy for US Science and Technology Competition”. damage, it is recommended to implement the concept of “small courtyard with high walls” to promote selective decoupling strategies rather than general decoupling. The report said that Trump’s large-scale “technology decoupling” has too many drawbacks. The United States should greatly reduce the scope of technologies and products under its control, and focus on technologies that are truly critical to future development and national security. This is the “small courtyard”. Then, the government’s administrative power and law enforcement power are invested in the strict control of these few technologies, which is much more efficient, and because the scope of the technology involved is very small, it is also easy to communicate with allies, which can be formed through the US alliance system. A global technological barrier, not a single American force. This is the “high wall”. After that, in February 2021, Biden signed an executive order requiring a review of the global supply chain of 4 key products, including semiconductor chips, large-capacity batteries for electric vehicles, rare earth minerals and pharmaceuticals, in order to get rid of overseas suppliers, especially those from China. business dependence. Does this mean the beginning of a “small courtyard with high walls” decoupling strategy?

(2) To implement the strategic policy line of “technological priority” graded development

In January 2021, the Center for a New American Security believes that maintaining the status of the United States as the world’s No. 1 technological power does not mean achieving leadership in all technological fields, which is expensive, unrealistic, and unnecessary. The United States needs to set technology priorities more wisely to maximize the rational allocation of resources. A simple but comprehensive technology prioritization plan to guide where and how the United States should allocate resources is key to developing a roadmap for national technology strategy policy. The scheme divides technology into four levels (technical levels):

Leading-edge (Leading-edge) technology. At this level of technology, the United States needs to have the most advanced capabilities in the world. These technologies are the backbone or potentially disruptive technologies of the new digital economy. Cutting-edge technologies include two sub-categories: (1) keystone technologies, where cutting-edge capabilities derived from these basic technologies can bring enormous economic or military advantages, such as microelectronics and artificial intelligence; and (2) disruptive technologies, which are Breakthroughs in technological fields have the potential to change the rules of the game, such as quantum computing.

World-class technology. At this level of technology, the United States should be among the best in the world, which means being globally competitive and possessing specific capabilities that differentiate it. Telecommunications and biotechnology fall under this technology priority.

Fast follower technology. In this level of technology, the United States has great strength, but it is not necessarily the world’s leading in the beginning. In this way, the United States can observe the actions of other countries and then focus resources on the areas of greatest potential.

Over-the-horizon technology. Including R&D investment mainly in basic research and covering various disciplines. This is critical to safeguarding America’s deep and diverse technological base and achieving technological leadership. At the same time, it is also an insurance strategy because technical forecasting is difficult, and important breakthroughs may occur in unforeseen areas and times.

(3) Exploring pragmatic ally cooperation, intending to strengthen cooperation in the field of technology

Europe and other traditional U.S. allies are more concerned about pragmatic cooperation plans. Recently, European officials and think tanks have issued policy reports one after another, putting forward suggestions for strengthening cooperation in the transatlantic technology field.

The “NATO 2030” policy report released in December 2020 believes that joint actions should be carried out in response to cyber threats, information dissemination control, and emerging technology development. In December 2020, the European Commission proposed in its policy report “A New Agenda for Global Change in Europe and the United States” that the United States and Europe should work together to develop an agenda for technological cooperation and build a technology alliance to shape technology use and planning.

In January 2021, the U.S. Cyberspace Sunbathing Committee released its fifth white paper, “Cybersecurity Recommendations for Biden’s Policy,” suggesting that the United States should form new alliances with allies and other democracies. Advocate for responsible state behavior in cyberspace and develop mutual confidence measures, work with the international community to address cyber threats diplomatically, advocate for internet freedom, ensure a secure digital economy, and build the capacity of partners and allies to promote cybersecurity and combat cyberspace crime etc. In March, the Center for International Strategic Studies of the United States released “Technology Alliance: Opportunities and Challenges” to analyze the opportunities and challenges for the four-nation alliance to establish a technology alliance.

V. Conclusion

The main contents of the recently released “Guidelines” are highly consistent with the key points of the Biden administration’s cybersecurity policy measures. It can be seen that Biden has made cybersecurity the top priority of his administration. It is also expected that after the Biden administration takes office, Russia and China will still be regarded as the main sources of cyber threats. For the sake of maintaining U.S. national security, the Biden administration will launch further offensives against my country and strengthen restrictions and blockades on China in the technical field. China can maintain cooperation with the United States in maintaining international cybersecurity, combating hackers and cybercrimes, purifying cyberspace, and jointly building an online mobile payment platform. Improve the ability to respond to cyber attacks, do a good job in preventing the penetration of cyber ideology, actively participate in the formulation of new generation Internet protocols and rules, make technical preparations to prevent the United States from cutting off international server connections, and significantly improve the performance of domestic related equipment and realize it as soon as possible. Self-sufficiency, at the same time, we must also pay close attention to all aspects of cyberspace warfare offensive and defensive.

The Links:   P546A2005 1DI300MN-050