President Joe Biden’s administration announced on Thursday a national cybersecurity strategy that aims to create a safe digital environment through both defensive and offensive measures.
The strategy has two main goals, and the first concerns liability.
“We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us,” a press release about the announcement reads.
The second goal is to invest in the future of cybersecurity. The strategy details five “pillars” to implement these objectives: defending infrastructure, dismantling threats, shaping market forces to drive security, investing in a resilient future and forging international partnerships.
U.S. infrastructure has already faced significant cyberattacks in the last couple of years, including an attack by Russian hackers on Colonial Pipeline in 2021, which caused a major fuel shortage on the East Coast. The strategy is supposed to prevent occurrences like this by expanding minimum cybersecurity requirements and updating federal response policies.
The administration plans to work with Congress to codify cybersecurity requirements into law, saying voluntary efforts are not enough.
The second pillar of the strategy pays special attention to ransomware, a form of malware that restricts access to critical information until a ransom is paid. The strategy calls this “a threat to national security, public safety and economic prosperity,” and intends to prevent incidents before they happen by reducing profitability for criminals.
The third pillar focuses on holding tech companies accountable for security breaches and says the administration will explore federally funded cyber insurance to stabilize the economy if a cybercatastrophe does occur.
“A single person’s momentary lapse in judgment, use of an outdated password, or errant click on a suspicious link should not have national security consequences,” the strategy reads.
To “invest in a resilient future,” the strategy proposes reducing internet vulnerabilities, developing a strong cyber workforce, and prioritizing “next-generation technologies such as postquantum encryption, digital identity solutions, and clean energy infrastructure.”
Finally, the strategy will seek to forge international partnerships with countries that also want to keep cyberspace safe. The administration plans to do this by building international coalitions, strengthening the capacities of allies overseas, and establishing a reliable global supply chain for technology products and services.
Michael Daniel, president of the Cyber Threat Alliance, told a Washington Post reporter that what stood out to him in the strategy was that it actually had substance.
“The other thing is that it really does cover a broad swath of policy areas and starts to take on some long-standing issues that we know that we have to do, but will generate potentially some opposition from industry and the Republican Party,” Daniel said.