The administration of incumbent US President Joe Biden on Thursday released its National Cybersecurity Strategy, which focuses on shifting the burden of defending US cyberspace onto software and service providers.
America's new defense plan for cybersecurity recognizes that cooperation between the public and private sectors, and with international allies and partners, is essential to protecting the nation from cyber threats.
"We must rebalance the responsibility to defend cyberspace and shift the burden of cybersecurity from individuals, small businesses, and local governments to organizations that are better at taking the risks off all of us," the White House said in a joint statement today.
"The federal government will also deepen operational and strategic engagements with providers of software, hardware, and managed services to reshape the cyber landscape and improve security and resilience," the White House added.
The primary goals of the strategy are to defend critical U.S. infrastructure, disrupt the activities of malign actors designed to harm U.S. interests, make strategic investments to create a more secure digital ecosystem, and develop international partnerships to achieve common goals. .
In addition to focusing on shifting responsibility for security bugs to software vendors, other key recommendations include: attack campaigns aimed at making malicious, government-sponsored, or financially motivated activities unprofitable and ineffective, and ensuring that U.S. infrastructure is not vulnerable to attack. Applies to organizations operating in the United States.
The new strategy also recognizes that ransomware is a major threat and that governments are unwilling to pay ransoms and will continue to target ransomware gangs operating from "safe havens" such as Russia, North Korea, and Iran. "
In terms of top national cybersecurity threats, the US government says that China and Russia are the most active and aggressive countries behind malicious activities targeting critical US infrastructure and assets.
The authorities coordinating the implementation of this new cybersecurity strategy are the (Office of the National Director for Cybersecurity) in coordination with the (Office of Management and Budget) and are under the supervision of the (National Security Council).
They will submit annual reports to the President and the US Congress to highlight the effectiveness of the strategy. It will also provide federal agencies with annual guidance on cybersecurity budget priorities to ensure they achieve their goals.