A 2021 hacker attack on a major oil pipeline sparked panic at gas stations across the United States, resulting in a fuel shortage on the East Coast. Other offensives have made cybersecurity a Washington national priority. Russia’s invasion of Ukraine has further exacerbated these concerns.

The White House recently released its new cybersecurity strategy that addresses, among other things, the role of big tech companies in preventing cyberattacks. The strategic document called for “rebalancing responsibility for defending cyberspace”, seeking to support individuals, small businesses and local governments. Furthermore, he singled out China as “the largest, most active and persistent threat to government and private sector networks”.

In a new report, Forrester Research said state-backed cyberattacks increased by nearly 100% between 2019 and 2022, and their nature has changed. Threats mostly come from abroad: Russian-based cybercriminals and hackers from Chinese, North Korea e Iran.

A new vision for cybersecurity

Biden’s strategy supersedes a 2018 document released under the former president Donald Trump: the new plan has defined precise objectives and strengthened the efforts implemented in recent years. If it were to be approved in full, it could expand the cybersecurity requirements for companies that manage digital infrastructures considered critical by the White House. This could include the services of cloud computing.

The document lays the groundwork for countering growing threats to government agencies, private industry, schools and other infrastructure critical to American society. The Biden administration has already imposed standards of cybersicurezza to some critical areas, such as the electricity sector and gas pipelines. The strategy plans to extend this approach.

The document can be summarized within five fundamental pillars, distinct but complementary: defending critical infrastructures, blocking and dismantling cyber threat actors, shaping the market to promote security, investing in a resilient future and creating international partnerships to pursue shared goals. These pillars complement existing initiatives and usher in new efforts to propel the United States into a more secure future.

Critical infrastructure

In recent years, the United States has experienced a series of cybersecurity incidents that have alerted the vulnerability of many critical infrastructures. Washington has recognized that these sectors are vital to economic prosperity and national security: significant efforts are needed to keep them safe and functioning. The new IT strategy has two folds approach to the defense of critical infrastructures: improve collaboration with other stakeholders and make your systems more resilient, identifying a series of strategic objectives.

The first objective focuses on the need to establish information security requirements in support of national stability. The strategy recognizes that new authorities will be needed to oversee minimum cybersecurity requirements for certain sectors, such as “agribusiness, government facilities and critical manufacturing”. While it is not stated which authorities and sectors fall into each category, a forthcoming implementation plan is likely to provide better perspectives on action to be taken.

To complete the work, the US administration has outlined other goals, such as increasing public-private collaboration and improving coordination between federal government agencies and the private sector. Finally, focus on modernizing federal defenses: thezero trust architecture (ZTA, “Zero Trust Architecture”), a security model that eliminates implicit trust in anything, is at the heart of this effort. The HAZ is based on principles such as multi-factor authentication, data encryption, authentication and access management, and the use of cloud security tools.

Threats and risk reduction

The second pillar, however, provides that “the United States will use all the instruments of national power to destroy and dismantle the dangerous actors whose actions threaten our interests”. This statement reflects some significant steps taken by Biden; during its first year, the new government elevated the coveted ransomware to a national security issue, as it could no longer be classified as a simple “cybercrime”.

The new strategy now aims to block threats of this type. To achieve this result, various actions need to be implemented, such as the further integration of federal prevention and defense activities, and an improvement in the strategic approach of the Department of Defense.

The third pillar continues the plan, stating that the United States “must shape market forces to empower those within our digital ecosystem who are best placed to mitigate risk.”

This point aims, more generally, at hold data managers and technology providers accountable. In essence, the strategy recognizes the need for privacy-focused legislation that incorporates standards and guidelines developed by the National Institute of Standards and Technology and that imposes “strong and clear limits on the ability to collect, use, transfer and retain personal data personal data, providing protection for sensitive data such as geolocation”. Among the objectives is the development of devices Internet of Things (IoT) safe; however, holding companies accountable for unsafe software products and services is the central and perhaps the most important step of the plan.

global cooperation

When it comes to investing in the future, the strategy takes a comprehensive approach that recognizes the need to improve past, present and future infrastructure. The fourth pillar encompasses a number of issues: addressing the inherently vulnerable foundations of the Internet, reinvigorating federal research and development, strengthen the IT workforcedevelop a digital identity ecosystem and prepare for the post-quantum future.

The new strategy aims to “counter the dark vision of the future of the Internet” pursued by opponents such as the Chinese and other autocratic governments. To do this, it offers various strategic objectives, which respond to two main purposes: to strengthen collaboration with partners and to counter global threats. According to the document, a “renewed and active” diplomacy will be employed, which will include coordinated activities to call out malicious actors and uphold norms of responsible behavior. In the past, the United States and its allies have already called Russia and China back.

First, the strategy emphasizes the need to build global coalitions to counter threats to the digital ecosystem. Strengthening international partnerships has been a priority for the Biden administration. Cooperation can take many forms. Examples are the Declaration for the Future of the Internet, a political commitment to an open network, and the Freedom Online Coalition, whose 36 member countries seek to promote Internet freedom and human rights.

Cybersecurity cooperation involves liaisons such as the Quad, the US-EU Trade and Technology Council, AUKUS, the Indo-Pacific Economic Framework for Prosperity, and the Partnership for Economic Prosperity in the Americas.

Fundamental services and supply chain

The last piece of the puzzle concerns the global supply chains. The dependence on foreign suppliers for technology products and services, particularly China, raises questions about the reliability of these products and services. The new plan follows in the footsteps of the National 5G Security Strategy and associated efforts to ensure a secure supply chain, and intends to extend the model to other critical technologies. The commitment includes a restructuring of global supply chains to allow these technologies to “be developed at home or in close coordination with allies and partners.”

“We still have a long way to go before all Americans feel safe in cyberspace,” National Cyber ​​Director Kemba Walden said recently during an online forum.