This week the White House released its long-awaited National Cyber Strategy. It outlines how the Biden administration intends to defend the U.S. from cyber threats.
The essence of the plan is a “reimagining” of “America’s cyber social contract,” according to Acting National Cyber Director Kemba Walden. It involves shifting the burden of cybersecurity from individuals, small businesses, and local governments to the software developers and other larger institutions that have the needed resources and expertise to deal with it.
As part of the effort, the Biden administration is seeking legislation that establishes liability for software companies that fail to take reasonable precautions to secure their products and services. The legislation would also protect companies that securely develop and maintain their software products and services.
According to Walden, “the biggest, most capable and best-positioned actors in our digital ecosystem can and should shoulder a greater share of the burden for managing cyber risk and keeping us all safe.” She added that putting the responsibility on individuals and groups who lack the resources is “unfair” and “ineffective.”
This legislation isn’t expected to be realized in the next year, but is part of the overall, longer-term plan.
The Biden administration said it will also take a look at national insurance protection in the event of a catastrophic cyberattack to supplement the existing cyber insurance market.
In addition, the strategy will focus on defending critical infrastructure, expanding security requirements in certain sectors, incentivizing long-term investments in cybersecurity, dealing with urgent threats, prioritizing research and development for new cybersecurity technologies, expanding the cyber workforce, and streamlining regulations. It will elevate ransomware to a national security threat instead of just a criminal matter.