The United States Launches a More Aggressive National Cybersecurity Strategy
The U.S. government is working on more comprehensive federal regulations to ensure a safer cyberspace from hackers, including shifting responsibility for cyberspace security from consumers to industry and treating ransomware attacks as a national security threat.
The plan is part of a national cyber strategy released by the administration on Thursday. This strategy lays out long-term goals for individuals, governments, and businesses to operate securely in the digital world, including placing the onus of security on the computer and software industry to develop "secure by design" products, which are deliberately designed, manufactured, and tested before they go to market. Security products that drastically reduce the number of exploitable flaws.
The strategy "fundamentally reimagines America's online social contract" and "puts responsibility for managing cyber risk reallocated to those best able to take the risk".
Walden emphasized that asking individuals, small businesses and local governments to shoulder most of the online security burden is not only "unfair, it's ineffective."
"The largest, most capable and equipped parts of our digital ecosystem should take greater responsibility to manage cyber risk and keep us all safe," she added.
The strategy has five main pillars: defending critical infrastructure, disrupting and eradicating threats, shaping market forces to drive security and resilience, investing in a resilient future, and building international partnerships toward shared goals.
The U.S. began drafting the strategy after a series of major cyberattacks. These attacks include the ransomware attack on the Colonial Pipeline in 2021 and the Solarwinds cyber attack on federal government agencies in 2019-2020. Hackers exploited gaps in the agencies' vital computer security ecosystems to gain access to vast amounts of customer information. By imposing greater security responsibilities on companies critical to cybersecurity systems, the U.S. government hopes to reduce cybersecurity risks for users and customers.
Ransomware is a national security threat
U.S. deputy national security adviser for cyber and emerging technologies, Anne Neuberger, cited Iran's 2022 cyberattack on Albania's government cyber systems as an example, warning that criminals and state actors are already waging destructive campaigns around the world. Cyber ??and ransomware attack.
Under the new cyber strategy, the ransomware threat will be dealt with as a matter of national security rather than a criminal offence.
She said: "Americans must confidently rely on critical services, hospitals, gas pipelines, aviation, drinking water services, etc., despite our adversary intending to attack them." She emphasized that the US government is committed to building a more resilient network infrastructure and strengthen international cooperation to deter cyber attacks.
The strategy lays the groundwork for a more aggressive response by the federal government, including law enforcement and the military, to disrupt malicious online behavior and track down perpetrators.
"We're certainly in a much more aggressive position to make sure we protect the American people from these threats," a senior U.S. government official said, adding that the U.S. government would take necessary diplomatic and intelligence actions as well as financial sanctions .
He added: "Military means are also necessary. Those are options that the president has, and we are certainly open to using all of them."
The White House did not respond to a question from VOA about whether those options included countering cyberattacks by criminals or foreign governments.
The strategy focuses on China, Russia, Iran, North Korea, and "other despicable authoritarian states," accusing them of recklessly using advanced cyberspace capabilities to pursue goals that run counter to U.S. interests and international norms. This strategy identifies China as the country that poses the broadest, most active, and most persistent cyber threat to U.S. government and private sector networks.
Invest in cyberspace infrastructure
The strategy also calls for investments in U.S. cyberspace practitioners, infrastructure, digital ecosystems, and critical technologies that help improve the nation's defense resilience and economic competitiveness.
However, the White House will execute the strategy without a national cyber director. Chris Inglis, who served as director of the national network after Congress created the post in 2021, left in mid-February.
His deputy, Kemba Walden, is acting governor until the president appoints a new candidate and is confirmed by the Senate. The Director's role is to coordinate the many agencies and departments responsible for securing the nation's digital infrastructure and to engage with industry and international stakeholders.