The long-awaited National Cybersecurity Strategy was released by the United States government on Tuesday. The strategy, divided into five pillars, seeks to defend critical infrastructure, disrupt and dismantle threat actors, shape market forces to drive security and resilience, invest in a resilient future, and forge international partnerships to pursue shared goals. It also pushes mandatory regulation on critical infrastructure vendors and green-lights a ‘hack-back’ approach to dealing with foreign adversaries and ransomware actors.
The federal government plans to use existing authorities to set necessary cybersecurity requirements for critical sectors and close any legal gaps with help from Congress. It will also encourage secure-by-design principles, prioritize availability of essential services, and ensure that systems are designed to fail safely and recover quickly. The strategy also gives authorization to law enforcement and intelligence agencies to “disrupt and dismantle” foreign APT campaigns and data-extortion ransomware groups.
The White House is also discouraging the payment of data-extortion ransoms to cybercriminals and will increase information sharing to proactively warn of looming threats. It is also exploring a federal cyber insurance backstop to provide stability to the economy during catastrophic events. To accomplish the goals laid out in its strategy, the government will make private companies “full partners” in issuing early warnings and helping repel cyberattacks.
The National Cybersecurity Strategy provides a comprehensive framework for dealing with cybersecurity threats. It pushes for mandatory regulation on critical infrastructure vendors, encourages secure-by-design principles, discourages payment of data-extortion ransoms, and seeks to “disrupt and dismantle” hostile networks. The federal government will also explore a cyber insurance backstop and use private companies as “full partners” to help prevent and respond to cyberattacks.
Key Points:
• The National Cybersecurity Strategy seeks to defend critical infrastructure, disrupt and dismantle threat actors, shape market forces to drive security and resilience, invest in a resilient future, and forge international partnerships.
• The federal government will use existing authorities to set necessary cybersecurity requirements and work with Congress to close any legal gaps.
• Private companies will be “full partners” to issue early warnings and help repel cyberattacks.
• The strategy discourages payment of data-extortion ransoms to cybercriminals and seeks to “disrupt and dismantle” hostile networks.
• The federal government will explore a cyber insurance backstop to provide stability to the economy during catastrophic events.