March 25, 2023
The U.S. government is set to release a cybersecurity strategy document that approves mandatory regulations on critical infrastructure vendors and green-lights a more aggressive ‘hack-back’ approach to dealing with foreign adversaries. According to early reporting on the strategy document making the rounds in Washington, the Biden administration is mulling over the final details of a…

The U.S. government is set to release a cybersecurity strategy document that approves mandatory regulations on critical infrastructure vendors and green-lights a more aggressive ‘hack-back’ approach to dealing with foreign adversaries.

According to early reporting on the strategy document making the rounds in Washington, the Biden administration is mulling over the final details of a 35-page National Cybersecurity Strategy that will use regulation to “level the playing field” in national security.

“[While] voluntary approaches to critical infrastructure cybersecurity have produced meaningful improvements, the lack of mandatory requirements has too often resulted in inconsistent and, in many cases inadequate, outcomes,” the document argues, calling for a dramatic shift of liability “onto those entities that fail to take reasonable precautions to secure their software.” 

The strategy, created by the Office of the National Cyber Director (ONCD), also gives high-level authorization to law enforcement and intelligence agencies to hack into foreign networks to prevent attacks or to retaliate against APT campaigns.

According to a draft copy seen by Slate, the aggressive strategy is meant to preemptively “disrupt and dismantle” hostile networks by authorizing U.S. defense, intelligence, and law enforcement agencies to hack into the computer networks of criminals and foreign governments. 

“Our goal is to make malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States,” the document states in a section titled “Disrupt and Dismantle Threat Activities,” according to Slate.

The strategy document goes deeper, assigning the work to the FBI’s National Cyber Investigative Joint Task Force working in tandem with all relevant U.S. agencies.  It said private companies will be “full partners” to issue early warnings and help repel cyberattacks.

The strategy is expected to be signed by President Biden “in the coming weeks.”

Related: Chris Inglis Steps Down as US National Cyber Director

Related: Biden Signs Two Cybersecurity Bills Into Law

Related: The AP Interview: Justice Dept. Conducting Cyber Crackdown

Related: Biden, Tech Leaders Eye ‘Concrete Steps’ to Boost Cybersecurity

Source