On Thursday, the Biden administration released a strategy document outlining plans to broaden the minimum cybersecurity requirements for critical sectors and take a faster and more proactive approach to preventing cyberattacks, which could involve leveraging military, law enforcement, and diplomatic resources.
The document reads, “This strategy will position the United States and its allies and partners to build that digital ecosystem together, making it more easily and inherently defensible, resilient and aligned with our values.”
Officials stated that the Democratic administration also plans to collaborate with Congress to create legislation to hold software manufacturers accountable for their products’ failure to meet fundamental cybersecurity standards.
Over the past two years, a series of ransomware attacks targeting critical infrastructure has led to the formulation of the strategy, which largely formalizes efforts that were already underway. Recent high-profile attacks, including the one on a major fuel pipeline that sparked a fuel shortage and panic-buying, have drawn renewed attention to cybersecurity. Officials anticipate the new strategy will establish the foundation for confronting an ever-evolving and complex cyber landscape.
The Biden administration has initiated efforts to enforce cybersecurity regulations on specific critical industry sectors, such as nuclear facilities and electric utilities. The strategy also outlines the expansion of minimum requirements to additional critical sectors.
During a conference call with journalists, Anne Neuberger, the deputy national security advisor for cyber and emerging technology, emphasized the importance of ensuring the American public’s confidence in the durability and dependability of critical infrastructure and the vital services it delivers.
The administration seeks to transfer legal responsibility from end-users to software manufacturers who neglect to take necessary measures to create secure technology.
The Biden administration's new cybersecurity strategy seeks to shift the blame from companies that get hacked to software manufacturers and device makers, putting it on a potential collision course with Big Tech. https://t.co/fGEuzkxyoQ
— Bloomberg Law (@BLaw) March 2, 2023
In a statement accompanying the strategy document, Biden highlights that his administration is addressing the “systemic challenge” of individual users and small organizations bearing the majority of cybersecurity responsibility.
The strategy document outlines the need for more proactive measures to prevent cyberattacks, leveraging a combination of military, law enforcement, and diplomatic resources, as well as drawing on the private sector’s increasing knowledge of adversaries. The document stresses that these offensive actions must be executed with extraordinary swiftness, magnitude, and frequency.
The strategy categorizes ransomware attacks, which involve hackers encrypting a victim’s data and demanding payment in exchange for the decryption key, as a national security threat instead of a criminal issue. This reclassification indicates that the government will employ methods beyond arrests and indictments to address the problem, and it broadly expands the government’s power to do so.