Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
Beefing Up the U.S. Cybersecurity Strategy
March 7, 2023
Krebs on Security highlighted the new U.S. cybersecurity strategy in a March 2 post.
The new strategy has received positive feedback. It includes:
- Working with Congress and the private sector to develop legislation establishing liability for software products and services that are sold without much regard for security – this includes developing a “safe harbor framework” for products and services.
- A more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure.
- Publicly naming China as the biggest cyberthreat to U.S. interests.
The government document states that “the People’s Republic of China (PRC) “now presents the broadest, most active, and most persistent threat to both government and private sector networks,” and says China is “the only country with both the intent to reshape the international order and, increasingly, the economic, diplomatic, military, and technological power to do so.”
China is also the source of an amazing number of low-cost Internet of Things (IoT) devices that are not only poorly secured but are probably more accurately described as insecure by design.
With respect to ransomware, the White House strategy focuses heavily on building the capability to disrupt the digital infrastructure used by adversaries that are threatening vital U.S. cyber interests.
The Biden administration says it will expand the capacity of the National Cyber Investigative Joint Task Force (NCIJTF), the primary federal agency for coordinating cyber threat investigations across law enforcement agencies, the intelligence community, and the Department of Defense.
“To increase the volume and speed of these integrated disruption campaigns, the Federal Government must further develop technological and organizational platforms that enable continuous, coordinated operations,” the strategy observes. “The NCIJTF will expand its capacity to coordinate takedown and disruption campaigns with greater speed, scale, and frequency. Similarly, DoD and the Intelligence Community are committed to bringing to bear their full range of complementary authorities to disruption campaigns.”
The strategy anticipates the U.S. government working more closely with cloud and other Internet infrastructure providers to quickly identify malicious use of U.S.-based infrastructure, sharing reports of malicious use with the government, and making it easier for victims to report abuse of these systems.
“Given the interest of the cybersecurity community and digital infrastructure owners and operators in continuing this approach, we must sustain and expand upon this model so that collaborative disruption operations can be carried out on a continuous basis,” the strategy argues. “Threat specific collaboration should take the form of nimble, temporary cells, comprised of a small number of trusted operators, hosted and supported by a relevant hub. Using virtual collaboration platforms, members of the cell would share information bidirectionally and work rapidly to disrupt adversaries.”
The administration said it is taking steps to implement Executive Order (EO) 13984 –issued by the Trump administration in January 2021 — which requires cloud providers to verify the identity of foreign persons using their services.
“All service providers must make reasonable attempts to secure the use of their infrastructure against abuse or other criminal behavior,” the strategy states. “The Administration will prioritize adoption and enforcement of a risk-based approach to cybersecurity across Infrastructure-as-a-Service providers that addresses known methods and indicators of malicious activity including through implementation of EO 13984.”
One brief section of the strategy titled “Explore a Federal Cyber Insurance Backdrop” contemplates the government’s liability and response to a too-big-to-fail scenario or “catastrophic cyber incident.”
“We will explore how the government can stabilize insurance markets against catastrophic risk to drive better cybersecurity practices and to provide market certainty when catastrophic events do occur,” the strategy reads.
Most interesting – we’ll see how that plays out.
What happens if there is “Pearl Harbor incident” where many companies have to make a claim at the same time?
At this point, no one doubts the capabilities, goals and outcomes of dozens of nation-state level cyber adversaries. These days, a catastrophic cyber incident might be little more than an extended, simultaneous outage at multiple cloud providers.
The full national cybersecurity strategy is available from the White House website.
Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology