Biden Administration Announces New National Cybersecurity Strategy
The Biden Administration has announced a long-awaited new national cybersecurity strategy for tackling the growing threat of cyberattacks on critical infrastructure, disrupting cyber threat operations, and improving cyber resilience against malicious cyber activity from cybercriminal groups and nation-state actors. The aim is to ensure a safe and secure digital ecosystem for all Americans and that requires fundamental shifts in roles, responsibilities, and resources in cyberspace and a shifting of the burden of cyber resilience away from individuals, small businesses, and local governments onto the multi-billion dollar technology companies that provide software and information technology.
The new strategy will involve a more intentional, better coordinated, and more well-resourced approach and a realigning of incentives to favor long-term investments in cybersecurity to achieve a better balance between defending against current threats and planning for and investing in a cyber-resilient future. The new cybersecurity strategy sets a path to address current and future threats to protect investments in rebuilding America’s infrastructure, develop the clean energy sector, and re-shore America’s technology and manufacturing base. The aim is to make the digital ecosystem of the United States more defensible and make cyber defense easier, cheaper, and more effective.
The new cybersecurity strategy is based on five pillars:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships to Pursue Shared Goals
To better defend critical infrastructure the government will expand minimum cybersecurity requirements in critical sectors and harmonize regulations to reduce the burden of compliance. Public-private collaboration will improve at the speed and scale necessary to defend against cyber threats, federal networks will be modernized, and cyber incident response policies will be improved.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The Biden Administration has already taken steps to accelerate efforts to disrupt cyber threat operations and dismantle the infrastructure used in attacks, and all tools of national power will be used to continue that mission. The private sector will be engaged to assist and provide scalable mechanisms to achieve those aims, and the ransomware threat will be tackled through a comprehensive federal approach, assisted by international partners.
Improving security and resilience will not be possible without comprehensive assistance from vendors, who must shoulder more of the responsibility of protecting against cyber threats. Liability for protecting against threats will shift from individuals and companies to the developers of software products and services, and federal grant programs will be introduced to promote investments in secure and resilient infrastructure.
To ensure a resilient future, strategic investments are required in people and technology. Through coordinated, collaborating action, the United States will lead the world in secure and resilient next-generation technologies and will help to reduce systemic technical Internet vulnerabilities, prioritize cybersecurity R&D for next-generation technologies, and develop a diverse and robust national cyber workforce.
International coalitions and partnerships will be forged with like-minded nations to counter cyber threats, the capacity of partners to defend themselves will be increased, and investments will be made to ensure trustworthy global supply chains for IT and communications technology and OT products and services.
“I’m pleased to see the Biden Administration advocating for the kind of best practices that I’ve long called for, such as building and reinforcing strong partnerships with the private sector, investing in the long-term protection of our nation’s critical infrastructure, being proactive about establishing strong cybersecurity foundations and meeting critical standards,” said Senator Mark R. Warner (D-VA), Chairman of the Senate Intelligence Committee.
“I’m particularly pleased to see the Administration prioritize the coordination of cyber incident reporting requirements, as required by the cyber reporting law I was proud to author. I’m also glad to see the Administration’s renewed focus on protecting the sensitive medical data and safety of Americans as cyber attacks on our health care systems become more frequent and aggressive,” added Warner.
“The latest National Cybersecurity Strategy is a strong signal that industry’s continued partnership and collaboration in building resiliency across U.S. critical infrastructure is needed now more than ever. We recognize the importance of rebalancing and enhancing how we collectively defend national interests, privacy, intellectual property, and critical systems in cyberspace,” said Stacy O’Mara, Senior Leader, Global Government Strategy, Policy, and Partnerships, Mandiant.
“Mandiant looks forward to promoting evolution of the private-public partnership model as outlined in the Strategy to compensate for resource-restricted, at-risk sectors and entities that need collective assistance to defend themselves. We see this call to action as a timely opportunity to better align our collective defense to the threat landscape by taking a risk-based approach to prioritize threats, capabilities, resources, and investments.”
