Biden Administration Wants To Hold Companies Liable For Bad Cybersecurity

The Biden administration on Thursday pushed for new mandatory regulations and liabilities to be imposed on software makers and service providers in an attempt to shift the burden of defending US cyberspace away from small organizations and individuals.

“The most capable and best-positioned actors in cyberspace must be better stewards of the digital ecosystem,” administration officials wrote in a highly anticipated updated National Cybersecurity Strategy document. “Today, end users bear too great a burden for mitigating cyber risks. Individuals, small businesses, state and local governments, and infrastructure operators have limited resources and competing priorities, yet these actors’ choices can have a significant impact on our national cybersecurity.”

Increasing regulations and liabilities

The 39-page document cited recent ransomware attacks that have disrupted hospitals, schools, government services, pipeline operations, and other critical infrastructure and essential services. One of the most visible such attacks occurred in 2021 with a ransomware attack on the Colonial Pipeline, which delivers gasoline and jet fuel to much of the Southeastern US. The attack shut down the vast pipeline for several days, prompting fuel shortages in some states.

In the wake of that attack, the administration imposed new regulations on energy pipelines. Thursday’s strategy document signaled that similar frameworks are likely coming to additional industries.

“Our strategic environment requires modern and nimble regulatory frameworks for cybersecurity tailored for each sector’s risk
