White House releases new U.S. national cybersecurity strategy

The Biden-Harris administration today released its national cybersecurity strategy that focuses on shifting the burden of defending the country's cyberspace towards software vendors and service providers.

Washington's new cybersecurity defense plan also acknowledges the collaboration between public and private sectors and with international allies and partners as essential for securing the nation against cyber threats.

"We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us," the White House said today.

"The Federal Government will also deepen operational and strategic collaboration with software, hardware, and managed service providers with the capability to reshape the cyber landscape in favor of greater security and resilience."

Its main objectives are to defend U.S. critical infrastructure, disrupt malicious threat actors aiming to endanger U.S. interests, invest strategically to establish a more secure digital ecosystem, and develop international partnerships to achieve shared goals.

Besides these and focusing on diverting liability for security failures to software companies, other significant proposals include more aggressive campaigns aiming to make state-backed/financially motivated malicious activity unprofitable and ineffective and ensuring that U.S. infrastructure is no longer used in attacks targeting organizations in the United States.

"Disruption campaigns must become so sustained and targeted that criminal cyber activity is rendered unprofitable and foreign government actors engaging in malicious cyber activity no longer see it as an effective means of achieving their goals," the administration said.

"All service providers must make reasonable attempts to secure the use of their infrastructure against abuse or other criminal behavior [to] make it more difficult for adversaries to abuse U.S.-based infrastructure while safeguarding individual privacy."

The new strategy also underlines ransomware as a major threat and stresses how the administration "strongly discourages the payment of ransoms" and will continue targeting ransomware gangs operating from safe havens like Russia, North Korea, and Iran.

China and Russia tagged as top threats to the U.S. national security 

Regarding the biggest threats to national cybersecurity, the administration says that China and Russia are the most active and aggressive states behind malicious activity targeting U.S. critical infrastructure and assets.

"Over the last ten years, [China] has expanded cyber operations beyond intellectual property theft to become our most advanced strategic competitor with the capacity to threaten U.S. interests and dominate emerging technologies critical to global development," the strategy reads.

"Russia remains a persistent cyber threat as it refines its cyber espionage, attack, influence, and disinformation capabilities to coerce sovereign countries, harbor transnational criminal actors, weaken U.S. alliances and partnerships, and subvert the rules-based international system."

The ones that will coordinate the efforts to implement this new cybersecurity strategy are the Office of National Cyber Director (ONCD) in coordination with the Office of Management and Budget (OMB), under the oversight of the National Security Council (NSC).

They will make annual reports to the President and the U.S. Congress to highlight the strategy's effectiveness. They will also provide federal agencies with yearly guidance on cybersecurity budget priorities to ensure its goals are achieved.