The Biden Administration has released a National Cybersecurity Strategy, a comprehensive plan to address today's most pressing cybersecurity issues. The National Cybersecurity Strategy does not explicitly include policies for higher education, but some policies may open or strengthen opportunities for institutions to participate in federally funded cybersecurity programs.
On March 2, the Biden-Harris administration released a National Cybersecurity Strategy (the Strategy) document outlining how the federal government plans to establish a secure, resilient cyberspace and digital ecosystem. The Strategy highlights the government's efforts to bolster cybersecurity research, technologies, and practices through increased collaboration between public and private entities and to realign incentives to favor long-term investments.
To better protect the nation's cyberspace, the Strategy seeks to build and enhance collaboration between government, industry, critical infrastructure, and other stakeholders around the following five pillars:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships to Pursue Shared Goals
Each pillar outlines multiple strategic objectives guiding stakeholders toward efforts to fulfill the vision of the pillar.
Higher education is not explicitly mentioned in the Strategy document, but there are several areas in which policies may apply to institutions, or federally funded grants and programs could be utilized or provided in partnership with higher education.
Enforcement of Cybersecurity Obligations for Federal Contracts
One of the strategic objectives in the Strategy emphasizes the ability of agencies to enforce the cybersecurity laws and obligations that are in place for federal contractors, which could extend to contracts held by higher education institutions. Specifically, the strategic objective focuses on leveraging federal procurement to improve accountability, emphasizing the Department of Justice's Civil Cyber-Fraud Initiative (CCFI) and the charge included in the CCFI to hold contractors accountable for "providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cyber incidents and breaches."Footnote1 Institutions that may be subject to the federal contractor cybersecurity requirements under the CCFI should be aware of this policy.
Funding for Research, Development, and Demonstration Programs
The Strategy also outlines programs and grants to strengthen cybersecurity defenses and resilience that could be utilized by higher education institutions. The Strategy document states that the federal government will prioritize funding for cybersecurity research, development, and demonstration (RD&D) programs aimed at strengthening critical infrastructure cybersecurity and resilience.Footnote2 It also states that agencies will oversee RD&D projects in areas including artificial intelligence, operational technologies and industrial control systems, cloud infrastructure, telecommunications, encryption, system transparency, and data analytics used in critical infrastructure, all of which may be supported through partnerships with relevant stakeholders, including academia.Footnote3
Bolstering Existing Partnerships with Higher Education to Strengthen the Cyber Workforce
The Strategy includes an objective focused on strengthening the cyber workforce. Specifically, it states that the government intends to expand the national cyber workforce while increasing access to cyber education and training pathways.Footnote4 The Strategy will also build on existing efforts to develop a national cybersecurity workforce, including the National Initiative for Cybersecurity Education (NICE), the CyberCorps: Scholarship for Service program, and the National Centers of Academic Excellence in Cybersecurity program, among others.Footnote5
EDUCAUSE will continue to monitor cybersecurity policies, regulations, and legislation from the Biden Administration, relevant federal agencies, and Congress.
- The Civil Cyber-Fraud Initiative (CCFI) was launched by the Department of Justice in October 2021. The CCFI was created under the False Claim Act (31 U.S.C. §§ 3729) to pursue cybersecurity-related fraud by government contractors and grant recipients; "Strategic Objective 3.5: Leverage Federal Procurement to Improve Accountability," National Cybersecurity Strategy, (Washington DC: The White House, March 2023), 22. Jump back to footnote 1 in the text.
- "Strategic Objective 3.4: Use Federal Grants and Other Incentives to Build in Security," National Cybersecurity Strategy, (Washington DC: The White House, March 2023), 21. Jump back to footnote 2 in the text.
- "Strategic Objective 4.2: Reinvigorate Federal Research and Development for Cybersecurity," National Cybersecurity Strategy, (Washington DC: The White House, March 2023), 24. Jump back to footnote 3 in the text.
- "Strategic Objective 4.6: Develop a National Strategy to Strengthen Our Cyber Workforce," National Cybersecurity Strategy, (Washington DC: The White House, March 2023), 27. Jump back to footnote 4 in the text.
- The National Initiative for Cybersecurity Education (NICE) is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development. NICE is led by the National Institute of Standards and Technology (NIST) in the Department of Commerce. The CyberCorps: Scholarship for Service program is a scholarship program for undergraduate and graduate students funded through National Science Foundation grants. The program is designed to recruit and train IT professionals, industrial control system security professionals, and security managers to work for the U.S. Government after completing their degree. The National Centers of Academic Excellence in Cybersecurity (NCAE-C) program is managed by the National Security Agency and aims to create and manage a collaborative cybersecurity educational program with community colleges, colleges, and universities. Jump back to footnote 5 in the text.
Bailey Graves is an Associate at Ulman Public Policy.
© 2023 Bailey Graves. The text of this work is licensed under a Creative Commons BY-NC-ND 4.0 International License.