‘A single person’s momentary lapse in judgment … should not have national security consequences.’
The White House has issued a new cybersecurity strategy that addresses, among other things, the role of large tech companies in preventing cyberattacks. The strategy document calls to “rebalance the responsibility to defend cyberspace,” shifting responsibility for things like ransomware attacks off of individuals, small businesses, and local governments. It also singles out China as “the broadest, most active, and most persistent threat to both government and private sector networks.”
President Joe Biden’s plan outlines goals rather than immediately implemented rules. But if passed into laws and regulations, it would expand cybersecurity requirements for companies that run digital infrastructure the White House deems critical. That could include cloud computing services that power a huge portion of web infrastructure — and would have to meet minimum security standards or face legal liability. The strategy asks government agencies to encourage compliance with tax breaks or other incentives.
On top of that, the administration says it will work with Congress to stop software companies from evading liability for shipping products without taking reasonable security precautions. “Companies that make software must have the freedom to innovate, but they must also be held liable when they fail to live up to the duty of care they owe consumers, businesses, or critical infrastructure providers,” the strategy document says.
The goal, according to the Biden administration, is to shore up a digital ecosystem that’s left many people to their own (often insecure) devices. “A single person’s momentary lapse in judgment, use of an outdated password, or errant click on a suspicious link should not have national security consequences,” says the document. “Protecting data and assuring the reliability of critical systems must be the responsibility of the owners and operators of the systems that hold our data and make our society function, as well as of the technology providers that build and service these systems.”
The document calls out the growing threat of ransomware schemes as a particular area of focus. Alongside campaigns to shut down the actors running ransomware operations, it calls on agencies to go after “illicit cryptocurrency exchanges” that help make ransomware profitable, following a 2022 order intended to regulate digital assets.
Biden’s strategy replaces a 2018 document created under former President Donald Trump.