In a recent turn of events, The White House has launched a new cybersecurity strategy that addresses, apart from other things, the role of giant tech companies in refraining cyberattacks. The strategy document calls to “rebalance the responsibility to defend cyberspace,” shifting responsibility for things like ransomware attacks off of individuals, small businesses, and local governments. It also singles out China as “the broadest, most active, and most persistent threat to both government and private sector networks.”
President Joe Biden’s plan highlights goals and not just immediately implemented rules. But if they are passed into laws and regulations, it would stretch cybersecurity requirements for companies that run digital infrastructure the White House seems to criticise. That could comprise “cloud computing services that power a huge portion of web infrastructure — and would have to meet minimum security standards or face legal liability.” The strategy asks government agencies to encourage compliance with tax breaks or other incentives.
Other than that, the administration says it will work with Congress to prohibit software companies from evading liability for shipping products without taking reasonable security precautions. “Companies that make software must have the freedom to innovate, but they must also be held liable when they fail to live up to the duty of care they owe consumers, businesses, or critical infrastructure providers,” the strategy document says.
According to the Biden administration, the goal is to shore up a digital ecosystem that’s left many people to their own (often insecure) devices. “A single person’s momentary lapse in judgment, use of an outdated password, or errant click on a suspicious link should not have national security consequences,” says the document. “Protecting data and assuring the reliability of critical systems must be the responsibility of the owners and operators of the systems that hold our data and make our society function, as well as of the technology providers that build and service these systems.”
“The document calls out the growing threat of ransomware schemes as a particular area of focus. Alongside campaigns to shut down the actors running ransomware operations, it calls on agencies to go after illicit cryptocurrency exchanges” that help make ransomware profitable, following a 2022 order intended to regulate digital assets.
Biden’s strategy replaces a 2018 document created under former President Donald Trump.