Purpose and Scope

This agenda is designed to assist federal policymakers in prioritizing, planning, and executing actionable cybersecurity initiatives whose goals are achievable in the next four years. Its intended audience is political appointees and career officials across the executive branch, federal lawmakers and their staff teams, and professional staff on congressional committees.

Note that this is not a framework for a national cybersecurity strategy, although most of its content should figure into one. A comprehensive strategic framework would need to describe clear roles for the private sector and civil society in addition to government—and operate at a global scale.

The next administration and Congress cannot simultaneously address the wide array of cybersecurity risks confronting modern society. Policymakers in the White House, federal agencies, and Congress should zero in on the most important and solvable problems.

To that end, this report covers five priority areas where we believe cybersecurity policymakers should focus their attention and resources as they contend with a presidential transition, a new Congress, and massive staff turnover across our nation’s capital:

  • Education and Workforce Development
  • Public Core Resilience
  • Supply Chain Security
  • Measuring Cybersecurity
  • Promoting Operational Collaboration

Each section defines the problem, makes the case for prioritizing it, establishes measurable outcomes, outlines obstacles that have stymied past efforts, and details tangible action steps to overcome those obstacles.

This report is designed to be modular, with each section and its subsidiary recommendations able to stand on their own. We hope this will allow champions of specific focus areas to pick and choose based on changing political and business realities.

In selecting these five categories, the Aspen Cybersecurity Group sought to highlight initiatives that:

  • (a) Create leverage by offering “the greatest advantage to the defender over attackers at the least cost and greatest scale”;
  • (b) Benefit from an established technical or organizational foundation that can facilitate rapid progress; and
  • (c) Are relevant to the industry stakeholders, researchers, and security thought leaders whose buy-in is essential.

While technically out-of-scope, some topics are too important to omit without mention. In the section on Additional Priorities, we briefly address some other areas that demand urgent attention from federal policymakers.