The US government has released its National Cybersecurity Strategy, which aims to make critical infrastructure vendors accountable for their cybersecurity efforts and authorizes more aggressive tactics to tackle ransomware attacks and foreign adversaries. President Biden has authorized the document, 35 pages long, on Thursday evening, safeguarding American businesses from cyberattacks.
The government plans to use regulation to level the playing field and shift liability onto organizations that fail to make reasonable precautions to secure their software. It also plans to work with Congress to close legal gaps where there are any. The strategy document assigns work to the FBI’s National Cyber Investigative Joint Task Force, which will work alongside all relevant US agencies and private companies as "full partners" to issue early warnings and help repel cyberattacks. The strategy is divided into five parts:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships to Pursue Shared Goals
The US government's strategy also includes discouraging the payment of data-extortion ransoms to cybercriminals, arguing that reducing their potential for profit is the most effective way to undermine their motivation. The strategy aims to make malicious actors incapable of mounting sustained cyber-enabled campaigns that could threaten the national security or public safety of the US. In the 35 page document authorized by President Biden, the following is stated: “Disruption campaigns must become so sustained and targeted that criminal cyber activity is rendered unprofitable and foreign government actors engaging in malicious cyber activity no longer see it as an effective means of achieving their goals,”
The government will use its authority to set necessary cybersecurity requirements in critical sectors and work with cloud and internet infrastructure providers to identify malicious use of US-based infrastructure, share reports of malicious use, make it easier for victims to report abuse of these systems, and make it harder for malicious actors to gain access to these resources in the first place.
Furthermore, the US government is considering creating a federal cyber insurance safety net to bring stability to the economy in the event of catastrophic cyber events or major crises.
Other Posts you might be interested in:
Amidst economic uncertainties and budget constraints, SMEs struggle with complex tech stacks, compliance obligations, and a severe skills shortage, prompting the consideration of Security Operations Centers (SOCs) and Managed Service Providers (MSPs) as crucial solutions to enhance their cybersecurity defenses."
Read More
An overview of the cyberespionage threat actor APT43, also known as Kimsuky or Thallium, which supports the interests of the North Korean regime and has been targeting government and military personnel, think tanks, policymakers, academics and researches throughout the western sphere.
Read More
As companies generate and accumulate increasingly large amounts of data, it becomes essential for them to develop and implement data retention policies. These policies help companies manage their data in a consistent and secure manner while also ensuring they comply with legal requirements and regulations.
Read More