The Biden administration rolled out a National Cybersecurity Strategy Thursday that aims to protect the nation’s critical infrastructure from a “complex,” transnational and “borderless” cyber threat environment.
Officials said the U.S. will “re-imagine” cyberspace as a “tool to achieve our goals in a way that reflects our values: economic security and prosperity, respect for human rights and fundamental freedoms, trust in our democracy and democratic institutions and an equitable and diverse society.”
The strategy aims to rebalance the “responsibility” to defend cyberspace by shifting the burden away from people, small businesses and local governments and onto the organizations that are “most capable and best positioned to reduce risks for all of us” and seeks to plan for future cyber threats.
“The strategy recognizes that government must use all tools of national power in a coordinated manner to protect our national security, public safety and economic prosperity,” officials said.
US MARSHALS SERVICE ATTACKED BY RANSOMWARE TARGETING SENSITIVE LAW ENFORCEMENT INFORMATION
Officials acknowledged that the United States faces “a complex threat environment with state and non-state actors developing and executing novel campaigns to threaten our interests.”
“This strategy sets out a path to address these threats and secure the promise of our digital future,” officials said.
As for threats to the United States, Acting National Cyber Director Kemba Walden said the nation needs to look beyond the threats of the moment.
“We need to invest in it tomorrow,” she said.
BIDEN SIGNS ORDER TO BEEF UP FEDERAL CYBER DEFENSES
Deputy National Security Adviser Anne Neuberger said that cyber threats are “fundamentally transnational threats.”
“Threats in cyberspace are often borderless,” she said. “Cyber defense matters in the modern geopolitical climate, and we must work with our close allies and partners to deliver the security we all need and our citizens deserve.”
Neuberger added that the Biden administration is also “elevating our work on ransomware,” announcing that the administration is now “declaring ransomware a threat to national security rather than just a critical challenge.”
Ransomware is typically a type of malicious software deployed onto a computer system that blocks access or threatens to publish personal or confidential information until a sum of money is paid.
The overall strategy focuses on five pillars, including defending critical infrastructure by expanding the use of minimum cybersecurity requirements in critical sectors to ensure national security and public safety.
The strategy also focuses on disrupting and dismantling threat actors and seeks to use “all instruments of national power” to make malicious cyber actors incapable of threatening U.S. national security.
The other pillars include shaping market forces to drive security and resilience, investing in a resilient future and forging international partnerships to pursue shared goals.
BIDEN TO SIGN NATIONAL SECURITY MEMO TO PROTECT CRITICAL INFRASTRUCTURE CYBERSECURITY
Walden said the strategy builds on President Biden’s 2021 executive order that aimed to strengthen U.S. cybersecurity defenses by requiring all federal agencies to use basic cybersecurity measures, like multifactor authentication, and require new security standards for software makers that contract with the federal government.
Walden thanked Congress, saying the strategy was created with “bipartisan cooperation.”
The strategy also comes after Biden in July 2021 signed a national security memorandum directing his administration to develop cybersecurity performance goals for critical infrastructure in the U.S. for entities like electricity utility companies, chemical plants and nuclear reactors.
That memo formally established Biden’s Cyber Security Initiative, a voluntary collaborative effort between the federal government and critical infrastructure entities to facilitate the deployment of technology and systems that provide threat visibility indicators and detections.
The move at that time to strengthen defenses came after a string of ransomware attacks, with foreign actors targeting pieces of U.S. critical infrastructure.
The rollout of the strategy comes days after the U.S. Marshals Service confirmed it had been targeted by a ransomware attack over a week ago, compromising sensitive information, including data on fugitives.
Last month, Tallahassee Memorial Healthcare in northern Florida was forced to take its information technology systems offline after it was hit bay an apparent ransomware attack.
Also last month, a cyberattack at the Pipefitters Local 537 in Boston was discovered. After the discovery, the union retained a cybersecurity forensic investigator who learned the cyberattack on the union’s health fund resulted in the loss of $6.4 million. It did not appear that personal information of the union’s members was stolen or compromised, officials said.