The White House on Thursday released an ambitious national cybersecurity strategy that calls for new federal regulation of vulnerable critical infrastructure firms and for software makers to be held liable when their products leave gaping holes for hackers to exploit.
The strategy – shaped by major hacking incidents that threatened key public services in the first year of the Biden administration – embraces the US government’s regulatory and purchasing power to force companies that are critical to economic and national security to raise their cyber defenses.
It reflects a widely held belief in the US government that market forces have failed to keep the nation safe from cybercriminals and an array of foreign governments such as Russia and China.
“We ask individuals, small businesses and local government to shoulder a significant burden for defending us all. This isn’t just unfair, it’s ineffective,” Acting National Cyber Director Kemba Walden told reporters Wednesday. “This strategy asks more of industry, but also commits more from the government.”
The strategy is a policy document and not law, but it could shape corporate behavior for years to come as firms compete for billions of dollars in federal contracts that increasingly require a minimum set of cybersecurity defenses. And the White House says it wants to work with Congress to develop legislation that holds software makers liable when their products and services don’t provide adequate protections from sabotage.
The goal of US government and corporate work on cybersecurity should be to “correct market failures, minimize the harms from cyber incidents to society’s most vulnerable,” a copy of the strategy states.
The strategy does not specify which sectors of the economy the administration could regulate next, but US officials have previously signaled that one area…