Analysis Technology providers can expect more regulations, while cyber criminals can look for US law enforcement to step up their efforts to disrupt ransomware gangs and other illicit activities, under the Biden administration’s computer security plan announced on Thursday.
The long-awaited National Cybersecurity Strategy calls for adopting minimum security standards for critical infrastructure owners and operators, and holding software companies liable for security flaws in their products. It also says the US plans to use “all instruments of national power to disrupt and dismantle threat actors” that threaten US and public safety.
The plan [PDF] is built around five “pillars,” the first of which is focused on defending US critical infrastructure, which is mostly commercially owned. This includes enforcing minimum cybersecurity requirements in critical sectors and improving public-private collaboration around threats and defenses.
It also calls on the federal government to modernize its own networks and update its incident response policy to serve as examples of best-practices for private sector companies.
“By making its own networks more defensible and resilient, the Federal Government will be a model for private sector emulation,” the strategy says.
It’s hoped this will accelerate some of the best practices called for in Biden’s earlier cybersecurity executive order from May 2021, CrowdStrike VP of privacy and cybersecurity Drew Bagley told The Register.
“When we go back to Executive Order 14028, we see the president’s call for the implementation of endpoint detection and response, threat hunting, centralized log management, coordinated incident response and