Why it matters: State-sponsored cyberattacks and corporate espionage are becoming a bigger concern with each passing year, often resulting in millions of dollars in damages. Attackers are making off with critical data as governments, businesses, and cybersecurity experts struggle to protect citizens and customers. As of now, individuals and small businesses are on their own when attacked, but the Biden administration wants to change that and make multibillion dollar tech firms more accountable for Americans' digital safety.
The White House on Thursday unveiled a new National Cybersecurity Strategy to make cyberspace more secure for Americans. The new policy puts the onus on tech firms and large organizations to make their systems more secure, so that they are better able to resist the increasingly more sophisticated cybersecurity threats from around the world.
Explaining its stance, the Biden administration said that the "organizations that are most capable and best-positioned to reduce risks" should do more to ensure the online safety of American citizens rather than shifting the burden of cybersecurity to individuals, small businesses, and local governments.
The new policy document also termed ransomware attacks a national security threat and said that the administration is working towards creating a "comprehensive Federal approach" to address the problem in collaboration with America's international allies. In a bid towards making America safer against cybersecurity threats, the administration said it will "(employ) all tools of national power to disrupt adversaries" and work with the private sector to thwart malicious actors.
Delving further into the threats faced by the U.S. and other liberal democracies, the strategy document pointed the finger of blame squarely at "China, Russia, Iran, North Korea, and other autocratic states with revisionist intent."
Accusing the aforementioned countries of indulging in cyber warfare with complete disregard for human rights and international laws, the administration said that they are a clear and present danger to America's national security, public safety and economic prosperity.
In a damning assessment of the country's current cybersecurity capabilities, the administration acknowledged that the existing cyberdefense mechanisms are outdated and ineffective. Describing America's current cybersecurity policies and protocols as "inadequate and inconsistent," the document called for stronger regulation and better policy-making to protect critical infrastructure.
It is worth noting that the policy document is more of a guideline rather than an executive order, meaning tech firms and large corporations are under no obligation to invest more money towards their cybersecurity programs.
The policies outlined by the Biden Administration would require legislative action by the Congress before they can be implemented at a national level, but given the current political climate in the country, it will likely be impossible for that to happen any time soon.