Under the new National cybersecurity strategy, critical infrastructure firms and software companies will face federal accountability for security breaches.
The White House has unveiled a new national cybersecurity strategy that calls for increased federal regulation of critical infrastructure firms and for software companies to be held accountable for security breaches.
The policy, which reflects growing concern over cybercriminals and foreign states targeting US public services, seeks to leverage the government’s purchasing and regulatory powers to boost the security of the nation’s critical economic and security infrastructure.
The White House is looking to develop legislation with Congress to hold software makers liable when their products and services do not provide adequate protection from sabotage.
It is worth noting that the new policy came just days after the Crowd Strike cybersecurity firm released its 2023 Global Threat Report, revealing an increase in cyberattacks from China, Russia, and Iran.
The company singled out Chinese-nexus adversaries as the most active targeted intrusion groups, with targeted cyberespionage attacks in 39 industries across over 20 geographic regions around the globe. The primary target of Chinese-affiliated adversaries was North America.
In a comment to Hackread.com, Fortress Information Security’s CEO and co-founder Alex Santos applaud The White House’s National Cybersecurity Strategy and its focus on critical infrastructure and national defence cybersecurity.
“Our national defence is at risk without a sound and comprehensive cybersecurity strategy supported by a pragmatic operational plan that brings together the public and private sectors,” said Alex.
Alex added that, although the new strategy is a good initiative to track challenges, time is of the essence. The co-founder also referred to the CHIPS and Science Act of 2022 to secure supply chains for the semiconductor industry.
“We’d like to see more. more funding in the National Defense Authorization Act, more strict adherence to deadlines, more incentive for industries to band together to share critical risk and vulnerability information, and more support for existing cybersecurity initiatives like Critical Infrastructure Protection standards and the North America Energy Software Assurance Database,” Alex added.