On Thursday, the Biden administration unveiled an ambitious new National Cybersecurity Strategy that urges tech companies and software developers to take greater responsibility for safeguarding their systems against hackers. The strategy also calls for U.S. law enforcement and military agencies to take more proactive measures to neutralize the growing threat of ransomware gangs and other digital criminals, including those associated with foreign adversaries such as China and Russia.
According to President Joe Biden, the strategy recognizes that securing cyberspace requires a strong partnership between the public and private sectors, and the current practice of relying on voluntary cybersecurity efforts is inadequate. Additionally, Biden noted that the strategy addresses the systemic challenge of placing too much responsibility for cybersecurity on individual users and small organizations, a problem that has persisted for decades.
Biden’s plan shifts burden from individuals to Big Tech:
Acting National Cyber Director Kemba Walden briefed reporters and highlighted a crucial aspect of the new cybersecurity strategy. It involves transferring the responsibility of cybersecurity from those who currently bear the most significant impact, such as individuals, small businesses, and local governments, to those with the financial resources and expertise to handle it, which includes “Big Tech” companies and software developers.
Walden explained that the new cybersecurity strategy would redistribute the responsibility for managing cyber risk to those who have the capacity to handle it. “This strategy aims to assign a greater responsibility to the industry,” Walden stated, “while also ensuring that the federal government fulfills its commitments to the industry.”
The new strategy has several objectives, which include:
- Redistributing the responsibility for cybersecurity in a more equitable, effective, and impartial manner, by collaborating with industry, civil society, state, local, tribal, and territorial governments.
- Realigning corporate incentives to prioritize long-term investments in security, resilience, and new technologies.
- Collaborating with nation-state allies and non-governmental partners to reinforce responsible state behavior norms, hold countries like China, Russia, North Korea, and Iran accountable for their malicious conduct in cyberspace, and disrupt the networks of criminals responsible for dangerous cyberattacks worldwide.
- Collaborating with Congress to provide the necessary resources and tools to ensure that effective cybersecurity practices are implemented across critical infrastructure in the United States, with a greater emphasis on mandatory rather than voluntary compliance.
