LLMpediaThe first transparent, open encyclopedia generated by LLMs

National Cyber Strategy (United States)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Cyber Defense Directorate Hop 6
Expansion Funnel Raw 80 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted80
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
National Cyber Strategy (United States)
NameNational Cyber Strategy
JurisdictionUnited States
Adopted2018
ResponsibleExecutive Office of the President of the United States
Related legislationComputer Fraud and Abuse Act, Cybersecurity Information Sharing Act of 2015, Homeland Security Act of 2002

National Cyber Strategy (United States) The National Cyber Strategy (United States) is a strategic framework issued by the Executive Office of the President of the United States to coordinate national responses to digital threats from state and non-state actors. It synthesizes guidance from administrations such as Donald Trump and interacts with statutes and institutions including the Department of Defense (United States), Department of Homeland Security, and Federal Bureau of Investigation. The strategy aligns with historical documents like the National Security Strategy (United States) and contemporary initiatives such as the National Institute of Standards and Technology cybersecurity guidance.

Background and development

The strategy builds on antecedents including the National Strategy to Secure Cyberspace and the Comprehensive National Cybersecurity Initiative launched during the George W. Bush and Barack Obama administrations. Development involved interagency processes linking the Office of Management and Budget (United States), National Security Council (United States), and the Office of the Director of National Intelligence. Key events that shaped it include the Sony Pictures hack, operations attributed to Fancy Bear, and election interference investigations like those related to 2016 United States presidential election. Legislative and judicial contexts such as precedents from the United States Court of Appeals for the Ninth Circuit and statutory frameworks like the Computer Fraud and Abuse Act informed legal and operational boundaries.

Objectives and principles

The strategy articulates objectives similar to strategies in Allied Joint Doctrine, prioritizing resilience, deterring adversaries such as People's Republic of China and Russian Federation, and protecting critical infrastructure operators like Microsoft and AT&T (American company). Principles draw on doctrines used by North Atlantic Treaty Organization partners and reference norms promoted by entities including the United Nations and the International Telecommunication Union. It emphasizes private-sector partnerships with corporations such as Amazon (company), Google LLC, and IBM and cites protection of institutions like Federal Reserve System and United States Postal Service as national priorities.

Key policy components

Components include offensive and defensive posture elements reflecting capabilities maintained by the United States Cyber Command and attribution frameworks coordinated by the Central Intelligence Agency. Policy instruments incorporate supply chain measures referencing firms like Huawei Technologies Co., Ltd. and Kaspersky Lab, sanctions enforced through the Department of the Treasury (United States) and legal actions under the International Emergency Economic Powers Act. Information-sharing mechanisms echo models from the Cybersecurity Information Sharing Act of 2015 and collaborative platforms used by SANS Institute and Center for Internet Security.

Implementation and governance

Implementation is overseen by the National Security Council (United States), with operational roles for agencies including the Department of Defense (United States), Department of Homeland Security, Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, and the National Institute of Standards and Technology. Governance relies on memoranda and directives akin to Presidential Policy Directive 20 and coordination with state-level entities such as the New York State Division of Homeland Security and Emergency Services and municipal partners like the City of New York. Oversight involves congressional committees including the United States House Committee on Homeland Security and the United States Senate Committee on Armed Services.

Cybersecurity initiatives and programs

Programs tied to the strategy include workforce development initiatives paralleling CyberCorps: Scholarship for Service and research partnerships with institutions such as Massachusetts Institute of Technology, Stanford University, and Carnegie Mellon University. Public-private exercises reflect collaborations with Microsoft for vulnerability disclosure, joint exercises like Cyber Storm, and standards adoption from Institute of Electrical and Electronics Engineers and International Organization for Standardization. Grants and resilience funding draw on authorities similar to Federal Emergency Management Agency programs and initiatives supported by National Science Foundation research funding.

International engagement and norms

The strategy promotes cooperation with allies such as United Kingdom, Australia, Canada, and Israel through bilateral frameworks and multilateral fora including the United Nations General Assembly and G7. It endorses cyber norms advanced in forums like the Tallinn Manual discussions, Budapest Convention on Cybercrime, and diplomatic efforts led by representatives to the United Nations Office for Disarmament Affairs. Coordination with export control regimes such as the Wassenaar Arrangement and sanctions regimes overseen by the Office of Foreign Assets Control are highlighted to constrain malicious vendors and state actors like North Korea and Iranian Armed Forces cyber units.

Assessment, impact, and criticisms

Assessments by think tanks including RAND Corporation, Brookings Institution, and Carnegie Endowment for International Peace have analyzed the strategy's effect on deterrence, resilience, and civil liberties debates involving entities like the American Civil Liberties Union and the Electronic Frontier Foundation. Critics point to tensions with privacy protections under precedents from the Fourth Amendment to the United States Constitution and concerns raised by members of the United States House Permanent Select Committee on Intelligence. Scholars compare outcomes with historical analogues such as the Strategic Defense Initiative and debates over escalation similar to those in the Cuban Missile Crisis. Ongoing evaluations consider metrics from agencies like the Department of Homeland Security and judicial rulings from the Supreme Court of the United States.

Category:United States national security policy