The White House Elevated the Push for Cybersecurity. Now the Hard Work Begins. – MeriTalk

The White House Elevated the Push for Cybersecurity. Now the Hard Work Begins. – MeriTalk

The White House Elevated the Push for Cybersecurity. Now the Hard Work Begins. – MeriTalk

https://www.meritalk.com/the-white-house-elevated-the-push-for-cybersecurity-now-the-hard-work-begins/

Publish Date: 2026-07-10 11:13:00

Source Domain: www.meritalk.com

Author:

Using an unordered list, summarize the following article with between 4 and 8 key points. By: Tom Guarente, Vice President, External & Government Affairs, Armis by ServiceNow
The White House recently issued a directive designated as National Security Presidential Memorandum 12 (NSPM-12), which includes helpful provisions to elevate cybersecurity protection across the federal government. The directive signals a seriousness about cybersecurity from the highest levels of the federal government, but agencies’ implementations of this guidance will ultimately determine its success.
NSPM-12 can help to focus agency attention on the dire need for protections in the age of agentic AI. It offers new, actionable and outcome-based models to encourage agency commitments to make necessary cybersecurity protection actions a reality. The language seems to support putting wood behind the arrow to ensure agency leaders are taking these cybersecurity responsibilities seriously.
For example, it elevates the federal government cybersecurity discussion by outlining responsibility for security assessments and recommendations across the government as part of the authority of the National Manager of the National Security Systems (NSS), operating under the Director of the National Security Agency (NSA). This directive will light a fire under agencies that are currently not conducting effective assessments. Organizations are assessing the utility of their own cybersecurity frameworks based on checklists they have created themselves. Having a third party do that may be more effective.
But it begs the question: who has assessment responsibility today? And what criteria for assessment are they using? If we give another authority responsibility to assess agencies, we have to make sure it doesn’t conflict with assessments conducted by other arms of the federal government that believe they have that authority and responsibility. Redundancy inhibits the creation of a resilient and responsive security model.
NSPM-12 also states that “each agency shall maintain and annually update an inventory of all NSS owned or operated by that agency.” As agencies implement this, they must address the lack of consistency and visibility in environments, along with the patchwork of protections, as a foundational element in the drive for consistency in the approach.
To its credit, the directive calls for greater consistency and uniformity of cyber standards across both civilian and defense organizations. It points out that defense organizations are doing many things better than civilian agencies as far as cybersecurity and encourages civilian agencies to follow the Pentagon’s example and embrace those same protections. This call for consistency across the federal government is extremely important.
Perhaps most importantly, the directive raises the level of attention and importance of cybersecurity. Cybersecurity should be viewed in the same realm as national security and our national defense. Government organizations, Congress and the U.S. population at large must understand that a cyberattack against our critical infrastructure can have just as devastating an effect on the country as a military attack. We must treat cyber threats as the national security threats they are.
Given the stakes and possibility of severe national emergencies resulting from a cyberattack, federal government policymakers and legislators must take immediate action. To date, we’ve heard a lot of discussion, but we’ve been short on tangible action by Congress and federal leaders. If we don’t get on top of safeguarding environments now, it will be too late. We have to stop talking about the threat of AI and put resources behind defending against attacks and developing a proactive defense. This directive can help to instill that mindset across agencies.
This isn’t a technology issue; it’s a national security issue with existential stakes at risk. Therefore, it is imperative that Congress and the White House act immediately. Funding and resources will be an essential component to determine whether the objectives of the directive succeed. Congressional appropriators should not fund agencies that are not compliant with cybersecurity requirements. If Congress threatens to hold back funding, you can bet agencies will take immediate steps toward compliance.
At the end of the day, NSPM-12 is about two things: the funding to support cybersecurity protections and how we measure those outcomes. The challenge now is how to make these commitments of support actionable to protect our country’s safety and security.