Editor TLN
The Biden administration is pushing for more comprehensive federal regulations to keep the online environment safer from hackers, including shifting cybersecurity responsibilities from consumers to industry and treating ransomware attacks as national security threats. .
The plan is part of the National Cyber Strategy the administration released Thursday, which outlines long-term goals for how people, government and businesses can safely operate in the digital world. This includes placing the burden on the computer and software industry to develop “secure-by-design” products that are purposely designed, built, and tested to significantly reduce the number of exploitable flaws before they are brought to market.
The strategy “fundamentally reimagines America’s cyber social contract” and will “rebalance the responsibility of managing cyber risk to those who are best able to bear it,” Acting National Cyber Director Kemba Walden said at a news conference Wednesday. to preview the strategy.
Walden stressed that asking individuals, small businesses and local governments to shoulder the lion’s share of the burden of cybersecurity “is not only unfair, it’s ineffective.”
“The biggest, most capable, and best-positioned players in our digital ecosystem can and should shoulder more of the burden to manage cyber risks and keep us all safe,” he added.
The administration’s strategy is organized around five pillars; defend critical infrastructure; disrupt and dismantle threat actors; shape market forces to drive security and resilience; invest in a resilient future; and forge international alliances to pursue shared goals.
The strategy was crafted after a series of major cyber attacks, including the 2021 Colonial Pipeline ransomware attack and the Solar Winds cyber breach of federal government agencies in 2019-20. The attackers in those incidents exploited vulnerabilities in the core companies of an information security ecosystem, allowing access to a large number of customers. By placing higher security requirements on businesses that are critical to a cybersecurity system, the administration hopes there will be less risk of security breaches affecting users and customers.
Previous administrations’ approaches to cybersecurity focused more on voluntary public-private partnerships and information sharing practices. While the Biden White House strategy also seeks to improve cooperation with the private sector, it is the first to push for more aggressive and comprehensive federal regulation of cybersecurity.
Ransomware as threats to national security
Pointing to Iranian cyberattacks on Albanian government networks in 2022, Anne Neuberger, deputy national security adviser for cyber and emerging technology, warned that criminals and state actors have carried out destructive ransomware and cyberattacks all over the world. world.
Under the strategy, ransomware threats will be treated as national security issues rather than criminal activity.
“Americans must be able to trust that they can count on critical services, hospitals, pipelines, air, water services, even if they are under attack by our adversaries,” he said, underscoring the administration’s commitment to building a more resilient cyber environment. infrastructure and strengthen international alliances to deter cyberattacks.
The strategy lays the groundwork for a much more aggressive response from the federal government, including law enforcement and the military, to disrupt malicious cyber activity and prosecute its perpetrators.
“We are certainly in a more progressive position to make sure that we are protecting the American people from these threats,” a senior administration official said, adding that the administration will take diplomatic and intelligence action and financial sanctions as necessary.
“And military tools as needed. These are options that the president has and we are certainly open to using all of them,” the official said.
The White House did not respond to VOA’s inquiry about whether the options would include hacking operations against criminals or foreign governments.
The strategy calls out China, Russia, Iran, North Korea and “other autocratic states with revisionist intent,” accusing them of “aggressively using advanced cyber capabilities” to pursue goals that run counter to US interests and international norms. It singles out China as the country that presents the “broadest, most active and persistent threat to government and private sector networks.”
Investments in cyber infrastructure
The strategy also calls for long-term investments in the US cyber workforce, infrastructure and digital ecosystems, and highlights technologies to enhance national resilience and economic competitiveness.
However, the White House will implement the strategy without a national cyber director. Christopher Inglis, who headed the Office of the National Cyber Director established by Congress in 2021, resigned in mid-February. His deputy, Kemba Walden, is the acting national cyber director until the president appoints a new one and the Senate approves it. The role of the director is to coordinate the many agencies and departments charged with protecting the nation’s digital infrastructure and to engage with industry and international stakeholders.
Connect with the Voice of America! Subscribe to our channel Youtube and activate notifications, or follow us on social networks: Facebook, Twitter and Instagram.
