March 2 – Today, the Biden-Harris administration released a new national cyber security strategy that emphasizes shifting the burden of defense for the country onto software vendors and software service providers.
“We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments and onto the organizations that are most capable and best-positioned to reduce risks for all of us,” says the White House.
New U.S. cyber security strategy
The White House’s main objectives are to ensure defense of critical infrastructure, to disrupt malicious threat actors who intend to harm U.S. interests, to strategically invest in a more secure digital ecosystem and to create international partnerships that facilitate the achievement of shared goals.
“Disruption campaigns must become so sustained and targeted that criminal cyber activity is rendered unprofitable and foreign government actors engaging in malicious activity no longer see it as an effective means of achieving their goals,” stated the administration.
Service provider mandates
According to the White House, all service providers must make reasonable efforts to secure the use of their infrastructure, making it difficult for adversaries to interrupt infrastructure use.
The new strategy also describes ransomware as a major threat, although this is not a new area of focus. In 2021, the White House issued an open letter to U.S. companies, encouraging leaders to treat ransomware risks as an urgent matter. The letter arrived shortly after several large U.S enterprises experienced ransomware incidents.
Top threats to U.S. national security
According to the White House, China and Russia represent the most active and aggressive nations responsible for some of the malicious activity that has targeted U.S. critical infrastructure and assets.
“Over the last ten years, [China] has expanded cyber operations beyond intellectual property theft to become our most advanced strategic competitor with the capacity to threaten U.S. interests and dominate emerging technologies critical to global development.”
New coordination around cyber security
The Office of National Cyber Director (ONCD) and the Office of Management and Budget (OMB) will coordinate new cyber security initiatives with oversight from the National Security Council (NSC).
The groups are also expected to make annual reports to the President and the U.S. congress to report on new strategy effectiveness. Further, they will provide federal agencies with annual guidance pertaining to cyber security budget priorities.