Biden’s cybersecurity plan expands requirements for critical infrastructure

The White House is relying on more than one executive order to strengthen online security. The Biden administration issued a National Cybersecurity Strategy aimed at “rebalancing” responsibilities to large companies and organizations best equipped to handle threats. The initiative will specifically expand the use of minimum security standards for critical infrastructure, and establish a common set of regulations to make compliance with that baseline easier.

Accordingly, the administration also wants to promote public-private alliances that can more effectively defend infrastructure. The federal government will also modernize networks and response policies to protect against threats.

Companies can also be on the hook for bad behavior. The strategy will shift some responsibility for software and services to developers who ignore recommended cybersecurity practices or ship products with known vulnerabilities. The White House hopes to work with Congress and companies on legislation that bans general liability and sets tougher standards for “specific high-risk scenarios.” A safe harbor provision would protect companies that are sincerely trying to make safe products.

The plan also invests more in cybersecurity research and workforce. The administration hopes to cut “systemic” vulnerabilities at the core of the internet, and adapt to emerging technologies such as post-quantum encryption (that is, protection against quantum-based hacks) and digital ID. Some policies cannot be changed. The government will actively “disrupt and dismantle” threats, including international cooperation in the fight against ransomware.

Implementation has started, the administration said. As Cyberscoop points out, however, there is no guarantee that the strategy will work as promised. The outline largely delegates responsibilities to individual agencies, Congress and in some cases state regulators. The result may not be as harmonious as expected. It’s also unclear whether developers will accept laws that make them liable for security holes. However, the approach sets expectations for how federal officials will deal with digital threats in the future.
