he US government released its National Cyber Security Strategy on 28 February 2023, detailing mandatory regulation on critical infrastructure vendors and endorsing a more aggressive ‘hack-back’ approach to dealing with foreign adversaries and ransomware actors. As previously reported, the White House plans to use regulation to “level the playing field” and shift liability to organizations that fail to make reasonable precautions to secure their software. “[While] voluntary approaches to critical infrastructure cybersecurity have produced meaningful improvements, the lack of mandatory requirements has too often resulted in inconsistent and, in many cases inadequate, outcomes,” the document argues, calling for a dramatic shift of liability “onto those entities that fail to take reasonable precautions to secure their software.”
“In setting cyber security regulations for critical infrastructure, regulators are encouraged to drive the adoption of secure-by-design principles, prioritize the availability of essential services, and ensure that systems are designed to fail safely and recover quickly. Regulations will define minimum expected cyber security practices or outcomes, but the Administration encourages and will support further efforts by entities to exceed these requirements,” the strategy document argues.[1]
The federal government plans to use existing authorities to set “necessary cybersecurity requirements in critical sectors” and where there are legal gaps around authority, the White House plans to work with Congress to close them.
The strategy is divided by five pillars:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships to Pursue Shared Goals
The strategy also gives high-level authorization to law enforcement and intelligence agencies to “disrupt and dismantle threat actors,” including foreign APT campaigns and data-extortion ransomware groups. “Disruption campaigns must become so sustained and targeted that criminal cyber activity is rendered unprofitable and foreign government actors engaging in malicious cyber activity no longer see it as an effective means of achieving their goals,” the White House stressed, noting that the federal government will increase the speed and scale of information sharing to proactively warn of looming threats.
“The Federal Government will work with cloud and other internet infrastructure providers to quickly identify malicious use of US-based infrastructure, share reports of malicious use with the government, make it easier for victims to report abuse of these systems, and make it more difficult for malicious actors to gain access to these resources in the first place,” it added.
The aggressive strategy is meant to preemptively “disrupt and dismantle” hostile networks by authorizing US defense, intelligence, and law enforcement agencies to hack into the computer networks of criminals and foreign governments. The White House is also discouraging the payment of data-extortion ransoms to cybercriminals, arguing that “the most effective way to undermine the motivation of these criminal groups is to reduce the potential for profit.”
See: https://redskyalliance.org/xindustry/global-ransomware-summit-will-not-stop-attacks
“Our goal is to make malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States,” the strategy says.
The WH strategy: https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
The strategy goes deeper, assigning the work to the FBI’s National Cyber Investigative Joint Task Force working in tandem with all relevant US agencies. It said private companies will be “full partners” to issue early warnings and help repel cyber-attacks.
The government is also exploring a federal cyber insurance backstop to provide stability to the economy during catastrophic events or major crises.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. If interested in cyber insurance, please contact Red Sky Alliance, as we partner with Cysurance with aggressive cyber policies. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.securityweek.com/white-house-releases-national-cybersecurity-strategy/
Comments