The US government has released its National Cybersecurity Strategy, which aims to make critical infrastructure vendors accountable for their cybersecurity efforts and authorizes more aggressive tactics to tackle ransomware attacks and foreign adversaries. President Biden has authorized the document, 35 pages long, on Thursday evening, safeguarding American businesses from cyberattacks.
The government plans to use regulation to level the playing field and shift liability onto organizations that fail to make reasonable precautions to secure their software. It also plans to work with Congress to close legal gaps where there are any. The strategy document assigns work to the FBI’s National Cyber Investigative Joint Task Force, which will work alongside all relevant US agencies and private companies as "full partners" to issue early warnings and help repel cyberattacks. The strategy is divided into five parts:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships to Pursue Shared Goals
The US government's strategy also includes discouraging the payment of data-extortion ransoms to cybercriminals, arguing that reducing their potential for profit is the most effective way to undermine their motivation. The strategy aims to make malicious actors incapable of mounting sustained cyber-enabled campaigns that could threaten the national security or public safety of the US. In the 35 page document authorized by President Biden, the following is stated: “Disruption campaigns must become so sustained and targeted that criminal cyber activity is rendered unprofitable and foreign government actors engaging in malicious cyber activity no longer see it as an effective means of achieving their goals,”
The government will use its authority to set necessary cybersecurity requirements in critical sectors and work with cloud and internet infrastructure providers to identify malicious use of US-based infrastructure, share reports of malicious use, make it easier for victims to report abuse of these systems, and make it harder for malicious actors to gain access to these resources in the first place.
Furthermore, the US government is considering creating a federal cyber insurance safety net to bring stability to the economy in the event of catastrophic cyber events or major crises.
Other Posts you might be interested in:
Amidst the proliferation of AI tools, Google has announced new features that allow users to protect themselves from threats, identify AI-generated images and further protect sensitive data.
Read More
Microsoft addressed a data exposure incident stemming from AI researchers inadvertently sharing open-source training data on GitHub, leading to the exposure of 38TB of private information. The swift mitigation measures highlight the importance of secure data practices in the context of AI-driven initiatives.
Read More
New Studies from BitDefender and Arctic Wolf show that cybergroups are employing new tactics that exploit popular social channels such as Facebook and Youtube. The exploit uses DLLs, shared code libraries used by every operating system to hide malicious code by in the form of a legitimate DLL.
Read More