The US government has released its long-awaited “National Cybersecurity Strategy,” which will require software vendors and critical infrastructure operators to meet mandatory cybersecurity requirements. It also authorizes intelligence and law enforcement agencies to break into the computer networks of cybercriminals and foreign governments to thwart cyberattacks. The document is divided into five pillars: defense of critical infrastructure; dismantling threat operators; shaping “market forces” to drive security and resilience; investment in a resilient future; and forming international partnerships to pursue shared goals. The strategy aims to level the playing field by shifting the liability to vendors and companies that fail to take reasonable precautions to protect their software. The US government will use regulatory authorities to define “necessary cybersecurity requirements in critical industries,” and plans to work with Congress to close legal loopholes.
The strategy is seen as a move towards a more aggressive “hack-back” approach. Its aim is to render threat operators incapable of mounting sustained cyber campaigns that threaten the national security or public safety of the United States. It empowers intelligence and law enforcement agencies to “disrupt and dismantle threat operators,” including foreign APT groups and data-extortion ransomware gangs. It also encourages the adoption of secure-by-design principles in defining cybersecurity regulations for critical infrastructure. The federal government plans to increase the speed and scale of information sharing to proactively warn of impending threats.
The White House will also run campaigns to discourage the payment of extortion ransoms to cybercriminals, arguing that “the most effective way to undermine the motivation of these criminal groups is to reduce the potential for profit.” The document adds that private companies will be “full partners” to issue early warnings and help repel cyber attacks.
In other news, the US administration has launched a new national security strategy aimed at countering China’s rise while emphasizing the importance of working with allies to address the challenges facing democracies. The document does not include major changes in American political thinking or important new doctrines for Biden’s foreign policy, but underscores the White House’s view that US leadership is key to overcoming global threats such as climate change and the rise of authoritarian regimes. The policy highlights the importance of managing the relationship with China while dealing with a host of transnational issues that affect people everywhere, such as climate change, food insecurity, communicable diseases, terrorism, energy transition, and inflation. Even after Russia’s invasion of Ukraine, China continues to pose the most important challenge to the global order, according to the new security policy.
National Security Advisor Jake Sullivan stated that the US intends to win the arms and economic race with China if it wants to maintain its influence around the world. He added that the People’s Republic of China “harbors the intent and, increasingly, the ability to reshape the international order in favor of one that tilts the global playing field to its advantage.” However, political analysts warn that President Joe Biden needs to resolve some important issues in the field of foreign policy, including tariffs on Chinese products imposed by his predecessor, Donald Trump, which have cost American importers billions of dollars. On the other hand, it faces new challenges presented by Russia’s actions, strained relations with Saudi Arabia, a longtime US ally, and India’s dependence on Russian energy.
