The Biden administration has unveiled its national cybersecurity strategy, which includes plans to strengthen the country’s cybersecurity posture. The strategy calls for legislation to establish liability for software products and services that prioritize security. It also emphasizes the role of cloud providers and the U.S. military in disrupting cybercriminal infrastructure. China is identified as the biggest cyber threat to U.S. interests. The administration aims to work with Congress and the private sector to develop legislation that holds companies accountable for the security of their software. This landmark moment in the industry is seen as a step towards shaping standards of care for secure software development.
| Signal | Change | 10y horizon | Driving force |
|---|---|---|---|
| Beefing up cybersecurity posture | Strengthening cybersecurity measures | Enhanced cybersecurity measures and infrastructure | Increasing cyber threats and attacks |
| Liability for software products and services | Legislation to hold companies accountable for secure software | Higher standards of care for software | Market forces leading to poor security practices |
| Active role by cloud providers and military in disrupting cybercriminal infrastructure | Increased involvement in disrupting cyber threats | More coordinated and effective disruption campaigns | Need for faster and more frequent disruption of cybercriminals |
| China as the biggest cyber threat to US interests | Identifying China as the primary cyber threat | Greater focus on countering Chinese cyber activities | China’s intent to reshape international order and growing power |
| Safe harbor framework for cybersecurity | Establishment of guidelines for demonstrating cybersecurity focus | Incremental improvement in security best practices | Creating accountability and incentives for secure software development |
| Federal Cyber Insurance Backdrop | Exploring government’s role in insuring against cyber incidents | Potential government intervention to stabilize insurance markets | Addressing catastrophic cyber incidents and market uncertainty |
| Strengthening cybersecurity workforce and diversity | Addressing the lack of diversity in cybersecurity professionals | More diverse and skilled cybersecurity workforce | Ensuring a strong and inclusive cybersecurity workforce |
| Collaboration with cloud and internet infrastructure providers | Closer partnership with providers to identify and disrupt malicious activities | Improved identification and reporting of malicious use of infrastructure | Enhancing collaboration and information sharing |
| Verification of foreign individuals using cloud services | Implementing requirements for cloud providers to verify user identity | Enhanced security and risk-based approach to cloud services | Mitigating risks associated with foreign users of cloud infrastructure |
| Government’s response to cyber threats | Focused efforts to disrupt cybercriminal activities | More coordinated and effective response to cyber threats | Protection of national security and critical infrastructure |