Biden White House Announces New Cybersecurity Plan

This week, the White House issued a statement indicating that Joe Biden will rely on more than an executive order to bolster U.S. online security. The strategy document, released on Thursday, also includes using the military, law enforcement, and diplomatic tools to counter an increasingly challenging cyber environment.

The strategy aims to establish a common set of regulations to make it easier for companies to comply with minimum security standards for critical infrastructure. Additionally, the administration intends to work with Congress on legislation imposing legal responsibility on software producers if they fail to meet the baseline cybersecurity standards.

The administration believes that companies should be held accountable rather than end users. The Biden administration hopes to work with Congress and companies on legislation that bars total liability and sets stricter standards for specific high-risk scenarios.

Joe Biden’s deputy national security adviser for cyber and emerging technology, Anne Neuberger, emphasized the importance of ensuring the availability and resiliency of critical infrastructure and essential services in a conference call with reporters.

She said that under the strategy, ransomware attacks are classified as a threat to national security rather than a criminal challenge. The new standards will allow the federal government to continue using extrajudicial measures to combat cyber criminals with preventative measures.

The announced plan also calls for greater investment in cybersecurity research and adds new staffers for that purpose. The White House hopes additional research capabilities will reduce systemic vulnerabilities at the core of the public and governmental-use internet and to adapt to emerging technologies such as post-quantum encryption and digital IDs.

The White House initiative claims it will rebalance responsibilities toward larger companies and organizations best equipped to handle threats and establish improved public-private alliances to defend infrastructure more effectively. The government would also modernize its networks and response policies to safeguard against threats. However, some policies will be largely unchanged. The government will proactively “disrupt and dismantle” threats and will continue to emphasize international cooperation in fighting ransomware.

While the implementation of the strategy has already begun, there is no certainty that it will work as proposed. The program delegates responsibilities to individual agencies, Congress, and sometimes state regulators. It is also unclear if developers will welcome new regulations that could make them legally liable for security holes. Nonetheless, the approach sets expectations for how federal officials tackle future digital threats.