The Biden-Harris administration has published its National Cybersecurity Strategy, which aims to provide guidelines on how companies in the US allocate roles, responsibilities and resources in cyberspace.
The Strategy shifts the burden of cybersecurity from individuals, small businesses and local governments to technology firms. It also pushes towards a realignment of incentives to favor long-term investments in a bid to find a balance between existing and future threats.
The Strategy includes five pillars: guidelines aimed at improving specific aspects of cybersecurity across the US.
These are the defense of critical infrastructure, the disruption and dismantlement of threat actors, the reshaping of market forces to drive security, investment in a ‘resilient future,’ and the creation of international partnerships.
According to Bryan Cunningham, former White House lawyer and advisor at Theon Technology, the Strategy is the culmination of a shared belief that the cybersecurity industry should have more mandatory regulations.
“[However, this should be] a highly consultative process with industry and that they would rather rely first on self-regulation and market forces and only regulate where there are critical gaps,” Cunningham explained.
“I think this is the right approach, and even industry leaders have signaled, at least since the SolarWinds attacks, that they are open to reasonable regulation and that it probably is time,” he added.
At the same time, Cunningham said he believes such regulations should be at a high level of generality to allow different approaches to compliance, considering the fact that attack vectors and best practices of defense change constantly.
“The Strategy also almost certainly will endorse more aggressive offensive cyber operations and doctrine by the US Government itself,” he said.
“I do not think it will, nor necessarily should, push for legalization of offensive cyber operations by private organizations, at least not without court orders or other proper legal process.”
The publication of the National Cybersecurity Strategy comes two months after the Biden administration signed a separate law aimed at increasing cybersecurity in the US: the Quantum Cybersecurity Preparedness Act.