Biden Advocates Tougher Cybersecurity for Private Enterprise

The Biden administration has issued rules requiring key U.S. companies to meet minimum cybersecurity standards. The new National Cybersecurity Strategy (NCS) calls on software makers and American industry to be more active in the fight to repel hackers and ransomware groups even as the FBI accelerates global efforts to disrupt bad actors. Although the strategy is a policy document rather than an executive order, it represents a major policy shift, escalating participation by both the public and private sectors, while anticipating legislative changes required to give teeth to the plan.

Observers say legislation may be a challenge with a Republican-led House. But even by itself, the NCS mandates an expanded role by private industry, which accounts for a majority of the nation’s digital infrastructure, one way it differs from similar initiatives by previous administrations.

It is also distinctive in increasing the government role in pre-empting private enterprise cyberattacks, including those that originate abroad. Since the federal government doesn’t have authority to impose cybersecurity requirements on state-run operations, including hospitals, those businesses are technically exempt from the NCS. But hospitals have been a target for hacking, and the hope is they will voluntarily comply.

“For years, the government has pressed companies to voluntarily report intrusions in their systems and regularly patch their programs to fix newly discovered vulnerabilities, much as an iPhone does with automatic updates every few weeks,” writes The New York Times. “But the new National Cybersecurity Strategy concludes that such good-faith efforts are helpful but insufficient in a world of constant attempts by sophisticated hackers, often backed by Russia, China, Iran or North Korea, to get into critical government and private networks.”

The NCS vision calls for “fundamental changes to the underlying dynamics of the digital ecosystem,” the White House explained in a news announcement. If enacted through new regulations and law, in addition to heightening minimum cybersecurity requirements for critical infrastructure, the initiative would “perhaps impose liability on firms that fail to secure their code, much like automakers and their suppliers are held liable for faulty airbags or defective brakes,” NYT notes.

In another national security move, the Biden administration is preparing to take steps to prohibit U.S. investment in some sectors in China, “a new step to guard U.S. technology advantages during a growing competition between the world’s two largest economies,” The Wall Street Journal writes, citing “reports provided to lawmakers Friday on Capitol Hill” by  the Treasury and Commerce departments.

TikTok a Potential Target in Upcoming U.S. Bill to Ban Some Foreign Tech, Reuters, 3/5/23
White House Said to Consider Pushing Congress on Dealing with TikTok, The New York Times, 3/6/23

No Comments Yet

You can be the first to comment!

Leave a comment

You must be logged in to post a comment.