An ambitious and wide-ranging White House cybersecurity plan released Thursday calls for bolstering protections on critical sectors and making software companies legally liable when their products don’t meet basic standards. The strategy document promises to use “all instruments of national power” to pre-empt cyberattacks.
The 35-page document lays the groundwork for better countering rising threats to government agencies, private industry, schools, hospitals and other vital infrastructure that are routinely breached. In the past few weeks, the FBI, U.S. Marshals Service and Dish Network were among the intrusion victims.Although millions of records remained secure, the L.A. Unified data breach was worse than previously disclosed and included the release of sensitive student information.
Brandon Valeriano, former senior adviser to the federal government’s Cyberspace Solarium Commission, agreed. In a new report, the tech data firm Forrester Research said state-sponsored cyberattacks rose nearly 100% between 2019 and 2022 and their nature changed, with a greater percentage now carried out for data destruction and financial theft. The threats are mostly from abroad: Russia-based cybercrooks and state-backed hackers from Russia, China, North Korea and Iran.
As a nation, “we tend to devolve responsibility for cybersecurity downward. We ask individuals, small businesses and local governments to shoulder a significant burden for defending us all,” Walden said.“Too many vendors ignore best practices for secure development, ship products with insecure default configurations or known vulnerabilities, and integrate third-party software of unvetted or unknown provenance,” the document says.