The U.S. government has finally released its long-awaited cybersecurity strategy, and it looks like it’s shifting the responsibility for security more to businesses, putting the burden on consumers.
The document “fundamentally reimagines the US cyber-social contract,” Kemba Walden, the acting national cyber director, told media during a preview. “It will redistribute the responsibility of managing cyber risk to those who can bear it most.”
“The largest, most capable and best-positioned actors in our digital ecosystem can and should bear a greater share of the burden of managing cyber risk and keeping us all safe.”
Until now, the government says, cybersecurity of critical infrastructure has been the result of voluntary action, and therefore “resulted in inadequate and inconsistent results”.
Now, however, it sets “minimum standards” that business owners and software operators must adhere to. These standards will be performance based and build on existing regulations.
What that will mean in practice for tech companies is still a mystery, however, as the agencies overseeing various critical infrastructure industries, states and independent regulators will also have a say in the implementation of the strategy.
The US government has been working on a cybersecurity strategy for years, ever since it became clear that hacks, fraud and other criminal activities in cyberspace are only getting worse.
Disruptive attacks against key infrastructure players, such as the ransomware attack against Colonial Pipeline endpoints, only accelerated its delivery. For the past year, the Biden administration has been working on an outline for the document, whose lead author is former National Cyber Director Chris Inglis.
Via: Cyberscope