The White House recently released a comprehensive cybersecurity strategy document with the intention of bolstering protections of critical sectors and making software companies legally liable when their products don’t meet basic standards. The strategy promises to use “all instruments of national power” to pre-empt cyberattacks. It also seeks to impose restrictions on private sector data collection, including of geolocation and health information.
The document lays the groundwork for better countermeasures against rising threats to government agencies, private industry, schools, hospitals and other vital infrastructure. It also calls for stricter rules on breach reporting and software liability, and for expanding cybersecurity regulations to other vital sectors.
The strategy’s data-collection component is also expected to meet stiff headwinds in Congress, though opinion polls say most Americans favor federal data privacy legislation. Meanwhile, the document also speaks to shifting legal liability onto software makers, holding companies rather than end users accountable.
The document is largely aspirational and is apt to meet resistance from business and Republicans in Congress, as well as software companies. However, Brandon Valeriano, former senior adviser to the federal government’s Cyberspace Solarium Commission, believes that “there’s a lot to like here”.
The strategy also calls for more aggressive efforts to pre-empt cyberattacks by drawing on military, law enforcement and diplomatic tools as well as help from the private sector. Already the FBI and U.S. Cyber Command are engaging cybercriminals and state-backed hackers in cyberspace in order to thwart ransomware operations and election interference.
In conclusion, the White House’s cybersecurity plan is an ambitious and wide-ranging effort to protect citizens from cyberattacks. It seeks to impose restrictions on private sector data collection, stricter rules on breach reporting and software liability, and wants to shift legal liability onto software makers. While it is likely to face resistance from business and Congress, it is a necessary step in creating a more secure online experience for citizens.
Key Points:
• White House released comprehensive cybersecurity strategy document
• Strategy promises to use “all instruments of national power” to pre-empt cyberattacks
• Seeks to impose restrictions on private sector data collection
• Calls for stricter rules on breach reporting and software liability
• Shifts legal liability onto software makers
• Calls for more aggressive efforts to pre-empt cyberattacks
• Likely to face resistance from business and Congress