Biden administration releases new cybersecurity strategy

By AP News


The U.S. government plans to expand minimum cybersecurity requirements for critical sectors and be faster and more aggressive in preventing cyberattacks before they occur

Biden Cybersecurity

WASHINGTON (AP) — The U.S. government plans to expand minimum cybersecurity requirements for critical sectors and to be faster and more aggressive in preventing cyberattacks before they can occur, including by using military, law enforcement and diplomatic tools, according to a Biden administration strategy document released Thursday.

The Democratic administration also intends to work with Congress on legislation that would impose legal liability on software makers whose products fail to meet basic cybersecurity safeguards, officials said.

The strategy largely codifies work that has already been underway during the last two years over a spate of high-profile ransomware attacks on critical infrastructure. An attack on a major fuel pipeline that caused panic at the pump and resulted in an East Coast fuel shortage as well as other attacks focused fresh attention on cybersecurity. But officials hope the new strategy lays the groundwork for countering an increasingly challenging cyber environment.

“This strategy will position the United States and its allies and partners to build that digital ecosystem together, making it more easily and inherently defensible, resilient, and aligned with our values,” the document states.

President Joe Biden's administration has already taken steps to impose cybersecurity regulations on certain critical industry sectors, such as electric utilities and nuclear facilities, and the strategy calls for minimum requirements to be expanded to other vital sectors.

Anne Neuberger, the administration's deputy national security adviser for cyber and emerging technology, said on a conference call with reporters that it was “critical that the American people have confidence in the availability and resiliency of our critical infrastructure and the essential services it provides.”

The administration also wants to shift legal liability onto software makers that fail to take basic precautions to produce secure technology, saying companies should be held accountable rather than end users.

In a statement accompanying the document, Biden says his administration is taking on the “systemic challenge that too much of the responsibility for cybersecurity has fallen on individual users and small organizations.”

“By working in partnership with industry; civil society; and state, local, tribal, and territorial governments, we will rebalance the responsibility for cybersecurity to be more effective and equitable,” Biden says.

The strategy document calls for more aggressive efforts to thwart cyberattacks before they can occur by drawing on a range of military, law enforcement and diplomatic tools as well as help from a private sector that “has growing visibility into the adversary sector.” Such offensive operations, the document says, need to take place with “greater speed, scale, and frequency.”

“Our goal is to make malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States,” the strategy document says.

Under the strategy, ransomware attacks — in which hackers lock up a victim's data and demand large fees to return it — are being classified as a threat to national security rather than a criminal challenge, meaning that the government will continue using tools beyond arrests and indictments to combat the problem.


Follow Eric Tucker on Twitter at


In this article:

Information Technology

Author: AP News

This article does not provide any financial advice and is not a recommendation to deal in any securities or product. Investments may fall in value and an investor may lose some or all of their investment. Past performance is not an indicator of future performance.

Originally published by Associated Press, Digitonic Ltd (and our owners, directors, officers, managers, employees, affiliates, agents and assigns) are not responsible for the content or accuracy of this article. The information included in this article is based solely on information provided by the company or companies mentioned above.

Sign up for Investing Intel Newsletter