According to a Biden administration strategy document released on Thursday, the U.S. government intends to increase the minimum cybersecurity standards for critical sectors and to be quicker and more aggressive in preventing cyberattacks before they can occur, including using the military, law enforcement, and diplomatic tools.
According to insiders, the Democratic administration also plans to collaborate with Congress on legislation that would hold software developers legally responsible when their products fall short of fundamental cybersecurity precautions.
The plan primarily codifies the work that has been done over the past two years in response to a slew of high-profile ransomware assaults on vital infrastructure. Cybersecurity has recently received more attention as a result of attacks on major petroleum pipelines, which resulted in fear at the pump and an East Coast fuel scarcity. Nonetheless, officials are hoping that the new approach will provide the groundwork for overcoming an increasingly difficult cyber environment.
The policy “will position the United States and its allies and partners to develop that digital ecosystem together, making it more simply and inherently defendable, robust, and consistent with our principles,” according to the document.
The government of President Joe Biden has already taken action to put cybersecurity restrictions on some crucial economic sectors, including electric utilities and nuclear plants, and the policy calls for expanding the minimum standards to additional crucial industries.
It is crucial that the American people have faith in the availability and resilience of our vital infrastructure and the key services it delivers, according to Anne Neuberger, the administration’s deputy national security adviser for cyber and emerging technology.
Using a variety of military, law enforcement, and diplomatic weapons as well as assistance from the corporate sector that “has increased visibility into the adversary sector,” the strategic plan calls for more aggressive attempts to block cyberattacks before they can begin. According to the text, such offensive actions must occur with “increased speed, size, and regularity.”
“Our goal is to make hostile actors incapable of undertaking persistent cyber-enabled activities that would endanger the national security or public safety of the United States,” the strategic plan says.
The plan classifies ransomware attacks, in which hackers encrypt a victim’s data and demand a hefty ransom in exchange for the data’s release, as a threat to national security rather than a legal issue, meaning that the government will continue to use methods other than arrests and indictments to deal with the issue.
