The US Government has finally released its long-awaited cybersecurity strategy, and it seems that it’s going to tilt the security responsibility more towards companies, shifting the burden from the consumers.
The document “fundamentally reimagines America’s cyber social contract,” Kemba Walden, the acting national cyber director, told the media during a preview. “It will rebalance the responsibility for managing cyber risk onto those who are most able to bear it.”
“The biggest, most capable and best-positioned actors in our digital ecosystem can and should shoulder a greater share of the burden for managing cyber risk and keeping us all safe.”
Up until now, the government says, the cybersecurity of critical infrastructure was the result of voluntary action, which is why it “resulted in inadequate and inconsistent outcomes”.
Now, however, it is setting up “minimum standards” business owners and software operators need to adhere to. These standards will be performance-based, and build on existing regulations.
However, what that will mean in practice for technology companies is still anyone’s guess, as the agencies overseeing various critical infrastructure industries, states, and independent regulators will also have a say in the strategy’s implementation.
The U.S. government has been working on a cybersecurity strategy for years now, ever since it became obvious that hacks, fraud, and other criminal activity in cyberspace are only getting worse.
Disruptive attacks on key infrastructure players, such as the ransomware attack on Colonial Pipeline endpoints, only accelerated its delivery. Over the past year, the Biden administration worked on an outline for the document, whose primary author is the former National Cyber Director, Chris Inglis.
Via: Cyberscoop