The Biden administration released its highly anticipated national cybersecurity strategy Thursday, which is intended to provide steps it will take to protect the nation’s cybersecurity ecosystem.
The strategy outlined several key pillars it will focus on, including defending critical infrastructure from cyberattacks, disrupting and dismantling cyber criminals, and forging international partnerships.
“Our rapidly evolving world demands a more intentional, more coordinated, and more well-resourced approach to cyber defense,” the report said.
“We face a complex threat environment, with state and non-state actors developing and executing novel campaigns to threaten our interests,” the report added.
In the first pillar, the strategy said it will secure critical infrastructure by broadening the minimum cybersecurity requirements for critical sectors. It will also allow for more public-private partnerships and modernize federal networks to keep up with evolving cyber threats.
Last year, Congress introduced and passed a number of bipartisan cyber bills aimed at protecting critical infrastructure, including the health and energy sectors, from cyberattacks.
Among those bills was a legislation signed into law last year that requires companies in critical sectors to report substantial cyberattacks within 72 hours and ransomware payments within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA).
The administration also said that it will shift the responsibility to defend the nation’s cybersecurity away from individuals, small businesses, and local governments to “organizations that are most capable and best-positioned to reduce risks for all of us,” including the federal government.
“Today, across the public and private sectors, we tend to devolve responsibility for cyber risk downwards,” Kemba Walden, acting National Cyber Director, said during a briefing call to reporters on Wednesday.
“We ask individuals, small businesses and local governments to shoulder a significant burden for defending us all,” she said. “This isn’t just unfair, it’s ineffective.”
She added that the government should “double down” on resources they have, including using law enforcement and military authorities “to disrupt malicious cyber activity and pursue their perpetrators.”
Walden was named acting director following the resignation of Chris Inglis, who was appointed by Biden in 2021 to serve as the nation’s first national cyber director. Inglis officially stepped down from his role in mid-February.
The second pillar focuses on disrupting and dismantling cyber criminals, including nation state threat actors, by using all resources necessary to “make it harder for them to threaten the national security and public safety” of the country.
In recent years, the U.S. government has stepped up its efforts to crack down on malicious cyber activity, including prosecuting and sanctioning cyber criminals.
Just last month, the Department of Justice announced that it had arrested and extradited a Russian individual who allegedly developed and sold a malicious software program that breached 35,000 computers worldwide.
The Russian defendant is facing multiple charges and could face up to 47 years in prison.
And in early February, the Treasury Department and the United Kingdom announced joint sanctions against individuals tied to a Russia-based cybercrime gang known as Trickbot.
The group reportedly targeted hospitals and health care centers with ransomware attacks at the height of the COVID-19 pandemic in 2020.
“We’re elevating our work on ransomware declaring it a threat to national security rather than just a criminal challenge,” said Anne Neuberger, White House deputy national security adviser for cyber and emerging technology, during the call.
The third pillar focuses on strengthening collaboration with foreign partners who share a common mission. The administration said it will leverage international coalitions among “like-minded nations” to counter cyber threats.
It also said that it will help countries strengthen their cyber defenses so they can better defend themselves against cyber threats.
“Threats through cyberspace are often borderless; cyber defense matters in the modern geopolitical climate, and we must work with our close allies and partners to deliver the security our citizens deserve,” Neuberger said.