New U.S. Cybersecurity Strategy: a strong step forward, with room for improvement

Access Now commends the U.S. Biden-Harris Administration for releasing a National Cybersecurity Strategy this week that centers “respect for human rights and fundamental freedoms” among its key values. We urge the U.S. Administration and Congress to use the document to build a more robust people-centered vision of cybersecurity. 

We welcome the Strategy’s initial recognition of the importance of taking a people-centric approach to cybersecurity — one that sees human rights and cybersecurity as complementary, rather than in conflict. The document rightfully recognizes that advancing stronger legislation on privacy and personal data is critical to protecting people from harm online and ensuring stronger cybersecurity. It is also heartening to see specific emphasis on increasing incentives to report and remedy vulnerabilities in ICT systems, as well as an unequivocal statement from the U.S. government that “strong encryption is foundational to cybersecurity and global commerce.” 

However, the Strategy’s international collaboration pillar on advancing a truly values-based, whole-of-society approach to cybersecurity falls short. This requires ensuring that international collaboration and active capacity-building on cyber is human rights respecting and actively involves civil society as a critical stakeholder.

The National Cybersecurity Strategy contains components that will help secure digital rights in the U.S. and around the world. People should not carry the privacy debts of institutional risk and systemic failures, and we hope this effort opens a wider, overdue public conversation. Michael De Dora, Senior Campaigner at Access Now

The U.S. joins many other countries that have released revised national cybersecurity strategies recognizing a more dangerous online threat environment and advancing human-centric cybersecurity approaches. The Strategy states the U.S. must shift how it allocates roles, responsibilities, and resources in cyberspace in two ways: to “rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals” and “realign incentives to favor long-term investments.” It also promotes coordination with international governments and recognises the importance of global cyber norms and international law.

Cybersecurity isn’t just about protecting machines and data, but about safeguarding people’s fundamental rights and freedoms online. The Administration’s emphasis on a people-centered vision of cybersecurity is critical to building a safer, more inclusive, vibrant, and diverse online ecosystem that empowers people and communities worldwide. However, it’s important to remember that robust data protection legislation is crucial to protecting our data, our privacy, and our security. While the National Cybersecurity Strategy is a step in the right direction, Congress must complement it with federal data protection legislation to ensure the full protection of our human rights. Willmary Escoto, U.S. Policy Analyst at Access Now

Access Now looks forward to engaging with the Office of the National Cyber Director as it begins work on the federal implementation plan for this new national cybersecurity strategy, and to contributing towards a people-centered cybersecurity approach and legislative protections for personal data in the U.S.