Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Nation-State

US National Cyber Strategy Pushes Regulation, Aggressive Hack-Back Operations

The U.S. government is set to green-light a more aggressive ‘hack-back’ approach to dealing with foreign adversaries and mandatory regulation of critical infrastructure vendors.

Cybersecurity executive order

The U.S. government is set to release a cybersecurity strategy document that approves mandatory regulations on critical infrastructure vendors and green-lights a more aggressive ‘hack-back’ approach to dealing with foreign adversaries.

According to early reporting on the strategy document making the rounds in Washington, the Biden administration is mulling over the final details of a 35-page National Cybersecurity Strategy that will use regulation to “level the playing field” in national security.

“[While] voluntary approaches to critical infrastructure cybersecurity have produced meaningful improvements, the lack of mandatory requirements has too often resulted in inconsistent and, in many cases inadequate, outcomes,” the document argues, calling for a dramatic shift of liability “onto those entities that fail to take reasonable precautions to secure their software.” 

The strategy, created by the Office of the National Cyber Director (ONCD), also gives high-level authorization to law enforcement and intelligence agencies to hack into foreign networks to prevent attacks or to retaliate against APT campaigns.

According to a draft copy seen by Slate, the aggressive strategy is meant to preemptively “disrupt and dismantle” hostile networks by authorizing U.S. defense, intelligence, and law enforcement agencies to hack into the computer networks of criminals and foreign governments. 

“Our goal is to make malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States,” the document states in a section titled “Disrupt and Dismantle Threat Activities,” according to Slate.

The strategy document goes deeper, assigning the work to the FBI’s National Cyber Investigative Joint Task Force working in tandem with all relevant U.S. agencies.  It said private companies will be “full partners” to issue early warnings and help repel cyberattacks.

The strategy is expected to be signed by President Biden “in the coming weeks.”

Advertisement. Scroll to continue reading.

Related: Chris Inglis Steps Down as US National Cyber Director

Related: Biden Signs Two Cybersecurity Bills Into Law

Related: The AP Interview: Justice Dept. Conducting Cyber Crackdown

Related: Biden, Tech Leaders Eye ‘Concrete Steps’ to Boost Cybersecurity

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.