Statement from Frank Cilluffo, Director of the McCrary Institute for Cyber and Critical Infrastructure Security, on the National Cyber Strategy

“The cyber threats facing the United States, particularly from adversaries like the People’s Republic of China, Russia, Iran and North Korea, cannot be overstated, and the National Cyber Strategy released today provides important policy direction towards a whole-of-government approach that will better protect Americans in the fast-moving digital world. 

Today, all eyes are focused on Iran and its proxies flexing their cyber muscles. This unified strategy determining a direction on offensive and defensive cyber operations and collaboration couldn’t be more timely. 

I applaud Director Cairncross for having a clear-eyed vision, particularly a forward-leaning approach towards offensive cyber operations aimed at shaping adversary behavior. For too long, we haven’t deterred our enemies. Volt Typhoon crossed a line. The strategy sets us on a path where, in future scenarios, we could more thoughtfully use our offensive tools to protect our nation’s critical infrastructure. We’ve seen these capabilities deployed in recent campaigns in Iran and Venezuela underscoring the importance of cyber in modern conflict. 

Several other elements stand out: Industry has long been asking for the federal government to streamline regulations and I welcome the work to come that will allow them to more clearly focus on security rather than mere compliance. 

The federal government must continue to lead by example by modernizing vulnerable legacy IT systems and smartly embracing emerging technologies like AI. And I also join others applauding the continued focus on developing the nation’s cyber workforce.”