Recent Posts

Popular Topics



Legal developments in data, privacy, cybersecurity, and other emerging technology issues

Debriefing the 2023 U.S. National Cybersecurity Strategy - Part I: Impacts on Federal Funding and Investments

In March 2023, the White House released the National Cybersecurity Strategy, which details the Biden administration’s policy and agency directives to strengthen U.S. cybersecurity across the public and private sectors. Cybersecurity regulations and cybersecurity responses affect both U.S. national security as well as the security and stability of U.S. businesses and individuals. The 2023 National Cybersecurity Strategy replaces the 2018 National Cyber Strategy set forth under the Trump administration and builds on the 2008 Comprehensive National Cybersecurity Initiative set forth under the Obama administration.  

The National Cybersecurity Strategy defines five pillars, involving critical infrastructure, threat actors, market forces, future investments and foreign partnerships. This blog post focuses on the collective federal policy initiatives and directives detailed amongst these pillars which will impact U.S. businesses who directly or indirectly provide goods and services to the U.S. federal government. A companion blog post describing how the National Cybersecurity Strategy should be considered by U.S. businesses will be available shortly. 

The federal government will be looking to make strategic investments and upgrades to federal technology infrastructure. Tactics will include modernizing federal systems and the legacy systems in place across federal civilian agencies, as well as to implement funding mechanisms to support adequate cybersecurity infrastructure. New regulations will be put into place to support critical business sectors and these will likely flow down to third party service providers and industry engaging with or supporting agencies. A separate tactic will require harmonization and streamlining of existing regulations.

The federal government will be building enhanced cybersecurity resilience expectations into available funding programs. Tactics identify building resilience expectations into federal grant opportunities and developing funding for critical infrastructure, such as the Bipartisan Infrastructure Law, the Inflation Reduction Act, and the CHIPS and Sciences Act. Tactics also include providing separate funding initiatives to develop cybersecurity resilience goals more broadly across U.S. industries. Companies who have entered into federal contracts may already be subject to Executive Order 14028. A tactic to improve accountability in federal procurement includes empowering the Department of Justice authorities to hold accountable entities or individuals who knowingly provide deficient cybersecurity products or services, knowingly misrepresent security practices or protocols, or knowingly violate obligations to monitor and report cyber incidents and breaches under the existing authorities of the federal False Claims Act. Third party service providers and government contractors should carefully evaluate representations made to the federal government with respect to cybersecurity practices.

The federal government will be continuing its ongoing strategies to regulate and secure global supply chains for information, communications and related technology products and services that support communications and store or transmit sensitive data. The National Cybersecurity Strategy reaffirms existing efforts that restrict the use of foreign-supplied goods and services, including digital services, in federal procurement as well as broader commercial markets that target sensitive personal data.

Federal contractors and companies supporting federal projects should carefully review the new National Cybersecurity Strategy and monitor applicable regulations that may require new or enhanced cybersecurity requirements or alter product developing and sourcing relationships. These companies should also evaluate current or future plans to utilize generate artificial intelligence products and ephemeral messaging platforms as part of business processes or systems that will support federally funded projects.

  • Angela I. Gamalski

    Angela Gamalski is a partner in the firm’s Regulatory Department. She advises firm clients regarding a variety of trade and international regulatory and transactional matters. She works with a wide range of North American ...

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.