WASHINGTON (AP) — The U.S. government plans to expand minimum cybersecurity requirements for critical industries and be faster and more aggressive in stopping cyberattacks before they happen, including using military assets, diplomatic and law enforcement, according to a Joe Biden administration strategy paper released Thursday.
The White House also plans to work with Congress on legislation that would keep software makers whose products do not legally meet basic cybersecurity safeguards, authorities said.
Essentially, the strategy delivers on initiatives of the past two years following a series of high-profile ransomware attacks on critical infrastructure. In ransomware attacks, cybercriminals lock down an organization’s computers and demand a ransom to free them.
An attack on a major fuel pipeline sparked panic buying at gas stations and led to stock-outs on the East Coast, while other attacks underscored attention to cybersecurity. However, authorities were confident that the new protocol would lay the groundwork to respond to an increasingly challenging digital environment.
“This strategy will position the United States and its allies and partners to build this digital ecosystem together, making it inherently easier and more defensible, resilient, and aligned with our values,” the document states.
The Democratic government had already taken steps to impose cybersecurity regulations on certain industrial sectors such as electric companies and nuclear facilities. The text calls for the minimum requirements to be extended to other essential sectors.
It is “critical that the American people have confidence in the availability and resilience of our critical infrastructure and the critical services it provides,” said Anne Neuberger, deputy national security adviser for cyber and emerging technologies.
The strategy calls for increased efforts to thwart cyberattacks before they happen with military, diplomatic and security force means, as well as with the help of the private sector which “has growing visibility in the sector “. These offensive operations, the document says, must be produced “with greater speed, scale and frequency.”
“Our goal is to render malicious actors incapable of conducting ongoing cyber campaigns that would threaten national security or the public safety of the United States,” the strategy document states.
The new protocol classifies ransomware attacks as a threat to national security, rather than a criminal challenge, which means the government will continue to use tools beyond arrests and warrants to combat the problem.
Eric Tucker is on Twitter at http://www.twitter.com/etuckerAP.