Nation-State

US National Cyber Strategy Pushes Regulation, Aggressive Hack-Back Operations

The U.S. government is set to green-light a more aggressive ‘hack-back’ approach to dealing with foreign adversaries and mandatory regulation of critical infrastructure vendors.

Published

White House

The U.S. government is set to release a cybersecurity strategy document that approves mandatory regulations on critical infrastructure vendors and green-lights a more aggressive ‘hack-back’ approach to dealing with foreign adversaries.

According to early reporting on the strategy document making the rounds in Washington, the Biden administration is mulling over the final details of a 35-page National Cybersecurity Strategy that will use regulation to “level the playing field” in national security.

“[While] voluntary approaches to critical infrastructure cybersecurity have produced meaningful improvements, the lack of mandatory requirements has too often resulted in inconsistent and, in many cases inadequate, outcomes,” the document argues, calling for a dramatic shift of liability “onto those entities that fail to take reasonable precautions to secure their software.” 

The strategy, created by the Office of the National Cyber Director (ONCD), also gives high-level authorization to law enforcement and intelligence agencies to hack into foreign networks to prevent attacks or to retaliate against APT campaigns.

According to a draft copy seen by Slate, the aggressive strategy is meant to preemptively “disrupt and dismantle” hostile networks by authorizing U.S. defense, intelligence, and law enforcement agencies to hack into the computer networks of criminals and foreign governments. 

“Our goal is to make malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States,” the document states in a section titled “Disrupt and Dismantle Threat Activities,” according to Slate.

The strategy document goes deeper, assigning the work to the FBI’s National Cyber Investigative Joint Task Force working in tandem with all relevant U.S. agencies.  It said private companies will be “full partners” to issue early warnings and help repel cyberattacks.

The strategy is expected to be signed by President Biden “in the coming weeks.”

Advertisement. Scroll to continue reading.

Related: Chris Inglis Steps Down as US National Cyber Director

Related: Biden Signs Two Cybersecurity Bills Into Law

Related: The AP Interview: Justice Dept. Conducting Cyber Crackdown

Related: Biden, Tech Leaders Eye ‘Concrete Steps’ to Boost Cybersecurity

In this article:,

Related Content

Government data leak

Government

CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities

CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities.

March 28, 2024

Government

White House Nominates First Assistant Secretary of Defense for Cyber Policy

Michael Sulmeyer has been nominated by the White House as the first assistant secretary of defense for cyber policy at the Pentagon.

March 25, 2024

Government

Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes

A new Biden executive order to boost the cybersecurity of US ports highlights the risks associated with the use of Chinese cranes.

February 21, 2024

Government

TSA Updates Pipeline Cybersecurity Requirements

The TSA has released updated cybersecurity requirements for pipeline owners and operators, instructing them to test assessment and incident response plans.

July 27, 2023

Government

SEC Says Companies Must Disclose Cybersecurity Incidents Within 4 Days

The SEC has adopted new rules requiring public companies to disclose cybersecurity breaches that have a material impact within four days.

July 27, 2023

Government

US Publishes Implementation Plan for National Cybersecurity Strategy

The Biden-⁠Harris administration has laid out the plan for implementing the National Cybersecurity Strategy.

July 14, 2023

Government

White House Outlines Cybersecurity Budget Priorities for Fiscal 2025

The White House has released a memorandum outlining the cybersecurity investment priorities for government departments and agencies for fiscal year 2025.

June 29, 2023

Government

CISA Instructs Federal Agencies to Secure Internet-Exposed Devices

CISA’s Binding Operational Directive 23-02 requires federal agencies to secure the network management interfaces of certain classes of devices.

June 14, 2023

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version