This article appeared in Cybersecurity Law & Strategy, an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel. Visit the website to learn more.

On July 13, 2023, the U.S. Government released the Implementation Plan for the National Cybersecurity Strategy, a roadmap which was published earlier in the year. While the National Cybersecurity Strategy was a product for all, the implementation plan is aimed toward those federal agencies tasked with ensuring that its objectives move from concept to tangible result. As we consider the implementation plan, it is helpful to revisit what the original strategy said about roles, specifically for the U.S. Government: “Government’s role is to protect its own systems; to ensure private entities, particularly critical infrastructure, are protecting their systems; and to carry out core governmental functions such as engaging in diplomacy, collecting intelligence, imposing economic costs, enforcing the law, and, conducting disruptive actions to counter cyber threats.” National Cybersecurity Strategy (March 2023). The implementation plan is the “kick-off” to moving the government forward to execute on those stated roles.