Multibillion dollar companies should do more to prevent cyberattacks, says the Biden administration

[DragonSlayer101]

Why it matters: State-sponsored cyberattacks and corporate espionage are becoming a bigger concern with each passing year, often resulting in millions of dollars in damages. Attackers are making off with critical data as governments, businesses, and cybersecurity experts struggle to protect citizens and customers. As of now, individuals and small businesses are on their own when attacked, but the Biden administration wants to change that and make multibillion dollar tech firms more accountable for Americans' digital safety.

The White House on Thursday unveiled a new National Cybersecurity Strategy to make cyberspace more secure for Americans. The new policy puts the onus on tech firms and large organizations to make their systems more secure, so that they are better able to resist the increasingly more sophisticated cybersecurity threats from around the world.

Explaining its stance, the Biden administration said that the "organizations that are most capable and best-positioned to reduce risks" should do more to ensure the online safety of American citizens rather than shifting the burden of cybersecurity to individuals, small businesses, and local governments.

The new policy document also termed ransomware attacks a national security threat and said that the administration is working towards creating a "comprehensive Federal approach" to address the problem in collaboration with America's international allies. In a bid towards making America safer against cybersecurity threats, the administration said it will "(employ) all tools of national power to disrupt adversaries" and work with the private sector to thwart malicious actors.

Delving further into the threats faced by the U.S. and other liberal democracies, the strategy document pointed the finger of blame squarely at "China, Russia, Iran, North Korea, and other autocratic states with revisionist intent."

Accusing the aforementioned countries of indulging in cyber warfare with complete disregard for human rights and international laws, the administration said that they are a clear and present danger to America's national security, public safety and economic prosperity.

In a damning assessment of the country's current cybersecurity capabilities, the administration acknowledged that the existing cyberdefense mechanisms are outdated and ineffective. Describing America's current cybersecurity policies and protocols as "inadequate and inconsistent," the document called for stronger regulation and better policy-making to protect critical infrastructure.

It is worth noting that the policy document is more of a guideline rather than an executive order, meaning tech firms and large corporations are under no obligation to invest more money towards their cybersecurity programs.

The policies outlined by the Biden Administration would require legislative action by the Congress before they can be implemented at a national level, but given the current political climate in the country, it will likely be impossible for that to happen any time soon.

Permalink to story.

https://www.techspot.com/news/97806-multibillion-dollar-companies-do-more-prevent-cyberattacks-biden.html

 

[toooooot]

I think his logic is that they earn the most therefore they should do more for making tech safer for all.
The problem is, if it does not hurt them that much they will do what really matters--money.
My question is this. We liv in time where customers are beta testers for software. Half baked product is out and they listen waiting for feedback and first bugs. Slowly, they are fixed one by one. Occasionally, a huge loophole is found and everybody realizes that whoever found it first got access to a lot of personal data. How the heck do you make this area safer when pretty much everything is in such raw condition?

 

[Bullwinkle M]

But....but.....but.....Multibillion dollar companies make you vulnerable on purpose to maintain their criminal monopolies

How can they possibly maintain an illegal Monopoly by making the end users safe?

Those who caused the problem should not be the ones who decide how to fix the problem

Physician......Heal Thyself!

 

[psycros]

This is the sort of thing that administrations put out just so they can point to it as an "accomplishment" during the next election cycle. Its fundamentally meaningless. The irony is that your personal data is already exposed to every spammer and identity thief on Earth by the very companies who are supposed to protect it. Your data is worth just as much to them as the actual money they get from you - and often more. You may only make a single purchase from a company but they will sell your data over and over to everyone who's willing to pay for it. Until we have laws that make selling customer data 100% opt-in, cyber-security will remain a massive joke.

 

[yRaz]

Lets remove politics from this for a second and actually look at what "multi billion dollar corporations" actually do. Amazon, Google and others are MASSIVE players in the cloud space. You can rent time on Amazon Web Services and use it for a cyber attack. These corporations are more than happy to take anyone's money. So I have to ask, are they really doing enough to protect people or do they just want money? That last question was rhetorical.

If it was trump saying the same thing then the democrats would be against it. It's nonsense as usual.

 

[Hodor]

But....but.....but.....Multibillion dollar companies make you vulnerable on purpose to maintain their criminal monopolies
How can they possibly maintain an illegal Monopoly by making the end users safe?

Those aren't the same companies. Multibillion corporations like Microsoft, Google, Intel, Samsung, etc., make other multibillion corporations vulnerable, so they could easily spy on them. That's why during the board of directors meetings they use signal blockers or require people to leave their cellphones out of the room.

But then they show presentations on a large-screen TV, which is networked......... and someone already knows about their future plans.

Companies like Google can probably earn enough money just by selling corporate secrets to competitors of those corporations. Or investing in stock market using inside knowledge collected from spying on CEOs.

 

[BuckarooBonzaii]

I guess when too many embarrassing attacks happens in their own backyard (DOJ, DHS, FBI, IRS, U.S. Marshalls, etc.) then it's time to do something. Typical behavior.

 

[wiyosaya]

Lets remove politics from this for a second and actually look at what "multi billion dollar corporations" actually do. Amazon, Google and others are MASSIVE players in the cloud space. You can rent time on Amazon Web Services and use it for a cyber attack. These corporations are more than happy to take anyone's money. So I have to ask, are they really doing enough to protect people or do they just want money? That last question was rhetorical.

If it was trump saying the same thing then the democrats would be against it. It's nonsense as usual.

Technically, I am not registered as a democrat - my party is listed as "NO PARTY", however, IF, and that's a mighty big IF IMO, Trump had done anything like this, I would have said it is one of the few things that showed he actually had a brain.

However, I highly doubt Trump would have done anything even remotely like this.

Back on topic and away from politics, I think that everyone needs to take cyber security seriously, and that includes businesses (regardless of size, but especially those businesses that make more money than god like multi-billion dollar businesses) and government. There is a sizeable and lackadaisical attitude toward cyber security these days and the after-the-fact "Opps, sorry" attitudes that those who are attacked display is total BS, IMO. They could have, and should have, done more to prevent their systems from being invaded.

 

[yRaz]

Technically, I am not registered as a democrat - my party is listed as "NO PARTY", however, IF, and that's a mighty big IF IMO, Trump had done anything like this, I would have said it is one of the few things that showed he actually had a brain.

However, I highly doubt Trump would have done anything even remotely like this.

Back on topic and away from politics, I think that everyone needs to take cyber security seriously, and that includes businesses (regardless of size, but especially those businesses that make more money than god like multi-billion dollar businesses) and government. There is a sizeable and lackadaisical attitude toward cyber security these days and the after-the-fact "Opps, sorry" attitudes that those who are attacked display is total BS, IMO. They could have, and should have, done more to prevent their systems from being invaded.

I frankly think that the democrats are less likely to pass something like this because they receive tons of money from these companies in the form of political contributions. It's a fantastic idea in theory but at the end of the day, politicians are politicians. Google and Facebook have already openly stated their opposition to this kind of legislation. I think this should be a bipartisan issue but I'm going to speculate is the only bipartisan about it is the desire to continue taking their money to get reelected.

 

[rsmith222]

If it was trump saying the same thing then the democrats would be against it. It's nonsense as usual.

One party, two brand names. Divide and conquer.

Don't take my word for it. Researchers from Harvard and Northwestern wrote a paper about it, using decades of data from Congress.

 

[rsmith222]

Lets remove politics from this for a second

That's like saying, 'let's have life without breathing.'

Everything is political. This is one of the biggest intellectual failures in the tech community, the refusal to recognize that.