Quick Read

National Cybersecurity Strategy Pillar One: Defend Critical Infrastructure 

In March of 2023, the federal government drafted and released a National Cybersecurity Strategy. The strategy outlines five pillars that are critical to implementation. In this blog series, we will dive into each pillar and how ZKX will abide by these guidelines and support this strategy.  

The five pillars are: 

  • Defend critical infrastructure 
  • Disrupt and dismantle threat actors  
  • Shape market forces to drive security and resilience  
  • Invest in a resilient future  
  • Forge international partnerships to pursue shared goals  

Defending critical infrastructure 

According to CISA, critical infrastructure includes sixteen sectors where data is considered “vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”  

Protection of these critical infrastructure assets — such as emergency services, government facilities, energy, nuclear plants, and transportation — is necessary for national security, public safety, and economic growth. The first step is having those with critical infrastructure equipped with the right cybersecurity resources to secure networks and disrupt threat actors without sacrificing the user experience. 

According to Pillar One, these are the steps we need to take to secure critical infrastructure: 

  • Establish clear cybersecurity requirements. At the federal level, agencies can better support critical infrastructure protection by establishing mandatory cybersecurity requirements. These requirements will drive innovation and development of capabilities to halt cybersecurity breaches and protect our critical infrastructure. 
  • Increase public-private collaboration. Robust collaboration between the public and private sectors is essential to further securing our critical infrastructure. International threats such as those stemming from China are a threat to not only government but private sector data as well, which is why both networks need to be in sync when it comes to cyber security.  
  • Integrate Federal Cybersecurity Centers. Groups such as Joint Cyber Defense Collaboration within CISA is the first step to progress integrating cyber planning and operations across the federal government and private sector.  
  • Update Federal Processes. Without clear plans and processes in place, a unified cyber defense strategy is bound to fail.  
  • Modernize Federal Defenses. With the cyber landscape continuously changing, it is critical the federal enterprise and systems be updated to stay in accordance with Zero Trust principles. 

The responsibility of cyber defense should not be on the end user 

The end user cannot bear the burden and the blame for cyber threats, but that’s the reality we live in today. Individuals and small businesses have limited resources. Currently, too much responsibility is on the end user to change their behavior just to mitigate deficiencies in policy or technology (for example: installing authentication apps, dealing with SMS authentication, or changing passwords on a regular basis). Instead, those who design the systems and hold this sensitive data should be responsible for protecting it. 

Put another way: rather than having end users change their behavior to compensate for bad technology and bad policy, we should be leveraging modern technology to completely change the dynamic. 

ZKX can defend your infrastructure with continuous authentication 

At ZKX Solutions, we push the responsibility of cybersecurity back where it belongs: away from the end user and towards the custodian of the data and the networks. ZKX authentication sessions are transparent to the user and can be revoked at any time.  Our technology minimizes the attack surface, making both the user side and server side far less valuable targets for cyber adversaries. The best part: ZKX can be installed into any network and adapt to any policy you have in place.  

We are committed to abiding by all federal guidelines as well as innovating with our federal partners to set policy and support all future cybersecurity requirements.