The Biden administration has issued a new cybersecurity strategy that calls on American industries and software makers to take greater responsibility for ensuring their systems cannot be hacked. The strategy also accelerates efforts by the Federal Bureau of Investigation and the Defense Department to disrupt the activities of hackers and ransomware groups around the world.
The government has for years pressed companies to report intrusions in their systems voluntarily and patch their programs regularly to fix newly discovered vulnerabilities. However, the new National Cybersecurity Strategy concludes that such good-faith efforts are helpful but insufficient in a world of constant attempts by sophisticated hackers, often backed by countries like Russia, China, Iran, or North Korea, to get into critical government and private networks.
The new strategy, which is a policy document and not an executive order, represents a significant shift in attitude toward the "public-private partnerships" that the government has talked about for years. While some aspects of the new strategy are already in place, others would require legislative changes, potentially a significant challenge in a Republican-dominated Congress.
One of the key changes is that companies must be required to meet minimum cybersecurity standards. The federal government does not have the ability to impose cybersecurity requirements on state-run facilities like hospitals, which have been targeted by hackers. The new strategy also highlights the need for increased cooperation and information-sharing between government agencies and private companies. The strategy acknowledges that the private sector owns and operates the vast majority of critical infrastructure in the United States, making it a primary target for cyberattacks.
The Biden administration's new cybersecurity strategy is a response to the growing threat of cyberattacks and ransomware attacks against critical infrastructure, including hospitals, power plants, and transportation networks. These attacks can cause significant disruption and even endanger lives. The new strategy is designed to ensure that American industries and software makers take responsibility for the cybersecurity of their systems and to disrupt the activities of hackers and ransomware groups around the world.