White House strategy stresses safety
An ambitious and wide-ranging White House cybersecurity plan released Thursday calls for bolstering protections on critical sectors and making software companies legally liable when their products don’t meet basic standards. The strategy document promises to use “all instruments of national power” to pre-empt cyberattacks.
The Democratic administration also said it would work to “impose robust and clear limits” on private sector data collection, including of geolocation and health information.
“We still have a long way to go before every American feels confident that cyberspace is safe for them,” acting national cyber director Kemba Walden said during an online forum on Thursday.
“We expect school districts to go toe-to-toe with transnational criminal organizations largely by themselves. This isn’t just unfair. It’s ineffective.”
The strategy largely codifies work already underway during the last two years following a spate of high-profile ransomware attacks on critical infrastructure.
A 2021 attack on a major fuel pipeline caused panic at the pump, resulting in an East Coast fuel shortage, and other damaging attacks made cybersecurity a national priority. Russia’s invasion of Ukraine compounded those concerns.
The 35-page document lays the groundwork for better countering rising threats to government agencies, private industry, schools, hospitals and other vital infrastructure that are routinely breached.
In the past few weeks, the FBI, U.S. Marshals Service and Dish Network were among the intrusion victims.
“The defense is hardly winning. Every few weeks someone gets hacked terribly,” said Edward Amoroso, CEO of the cybersecurity firm TAG Cyber.
He called the White House strategy largely aspirational. Its boldest initiatives — including stricter rules on breach reporting and software liability — are apt to meet resistance from business and Republicans in Congress.
Brandon Valeriano, former senior adviser to the federal government’s Cyberspace Solarium Commission, agreed.
“There’s a lot to like here. It just lacks a lot of specifics,” said Valeriano, a distinguished senior fellow at the Marine Corp. University. “They produce a document that speaks very much to regulation at a time when the United States is very much against regulation.”
The strategy’s data-collection component is also expected to meet stiff headwinds in Congress, though opinion polls say most Americans favor federal data privacy legislation.