According to a Biden administration strategy document released on Thursday, March 2, 2023, the U.S. government plans to expand minimum cybersecurity requirements for critical sectors.
The government intends to be faster and more aggressive in preventing cyberattacks before they can occur, which includes that use of military, law enforcement and diplomatic tools.
The Democratic administration also aims to work with Congress on legislation that would impose legal liability on software makers whose products fail to meet basic cybersecurity safeguards, officials said.
The strategy largely codifies work that has already been underway during the last two years over an outbreak of high-profile ransomware attacks on critical infrastructure.
For instance, an attack on a major fuel pipeline that caused panic at the pump and resulted in an East Coast fuel shortage, as well as other attacks drew fresh attention on cybersecurity.
The Justice Department was able to recover most of a multimillion-dollar ransom payment made to hackers after the major fuel pipeline cyberattack.
The operation to seize cryptocurrency paid to the Russia-based hacker group was the first of its kind to be undertaken by a specialized ransomware task force created by the Biden administration’s Justice Department.
It reflected a rare victory in the fight against ransomware as U.S. officials scramble to confront a rapidly accelerating threat targeting critical industries around the world.
Nonetheless, officials hope the new strategy lays the groundwork for countering an increasingly challenging cyber environment.
“This strategy will position the United States, its allies and partners to build that digital ecosystem together, making it more easily and inherently defensible, resilient, and aligned with our values,” the document states.
President Joe Biden’s administration has already taken steps to impose cybersecurity regulations on certain critical industry sectors, such as electric utilities and nuclear facilities, and the strategy calls for minimum requirements to be expanded to other vital sectors.
Americans Should Have Confidence Resiliency Of Critical Infrastructure
Anne Neuberger, the administration’s Deputy National Security Adviser for Cyber and Emerging Technology, noted on a conference call with reporters that it was “critical that the American people have confidence in the availability and resiliency of our critical infrastructure and the essential services it provides.”
The administration also wants to shift legal liability onto software makers that fail to take basic precautions to produce secure technology, saying that companies should be held accountable rather than end users.
In a statement accompanying the document, Biden noted that his administration is taking on the “systemic challenge that too much of the responsibility for cybersecurity has fallen on individual users and small organizations.”
“By working in partnership with industry; civil society; and state, local, tribal, and territorial governments, we will rebalance the responsibility for cybersecurity to be more effective and equitable.”
President Joe Biden
The strategy document calls for more aggressive efforts to foil cyberattacks before they can occur by drawing on a range of military, law enforcement and diplomatic tools as well as help from a private sector that “has growing visibility into the adversary sector.”
According to the document, such offensive operations need to take place with “greater speed, scale, and frequency.”
“Our goal is to make malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States,” the strategy document noted.
Under the strategy, ransomware attacks; in which hackers lock up a victim’s data and demand large fees to return it, are being classified as a threat to national security rather than a criminal challenge.
This means that the government will continue using tools beyond arrests and indictments to combat the problem.
READ ALSO: US Congratulates Nigeria On Election
