The White House has issued a new cybersecurity strategy that addresses, among other things, the role of major technology companies in preventing cyberattacks. The strategy document calls for “balancing the responsibility to protect cyberspace,” shifting responsibility for things like ransomware attacks to individuals, small businesses, and local governments. It also singled out China as the “widest, most active, and most persistent threat to government and private sector networks.”
President Joe Biden’s plan outlines goals rather than immediately implementing rules. But if passed into law and regulation, it would expand cybersecurity requirements for companies that run digital infrastructure that the White House considers critical. That could include cloud computing services that power large parts of the web’s infrastructure — and must meet minimum security standards or face legal liability. The strategy asks government agencies to encourage compliance with tax breaks or other incentives.
The strategy calls out ransomware as an urgent threat
Beyond that, the administration says it will work with Congress to stop software companies from avoiding liability for shipping products without taking reasonable security precautions. “Software companies should have the freedom to innovate, but they should also be held accountable if they fail to fulfill the duty of care they owe to consumers, businesses, or critical infrastructure providers, ” said the strategy document.
The goal, according to the Biden administration, is to upend a digital ecosystem that leaves more people to their own (often insecure) devices. “One’s momentary lapse in judgment, use of an outdated password, or mistakenly clicking on a suspicious link should not have national security consequences,” the document says. “Protecting data and ensuring the reliability of critical systems must be the responsibility of the owners and operators of the systems that hold our data and make our society work, as well as the technology providers who build and serving these systems.”
The document cites the growing threat of ransomware schemes as a particular area of focus. Along with campaigns to stop actors running ransomware operations, it calls on agencies to pursue “non-illegal cryptocurrency exchanges” that help make ransomware profitable, following a 2022 order that intended to control digital assets.
Biden’s strategy replaces a 2018 document created under former President Donald Trump.