Biden Vows to Protect Critical Infrastructure in Cyber Strategy
Defending critical infrastructure is the administration’s top national cybersecurity priority, President Joe Biden announced Thursday, releasing the administration’s strategy.
The strategy, led by the national cyber director, seeks public-private collaboration on five pillars: defend critical infrastructure; disrupt and dismantle threat actors; shape market forces to drive security and resilience; invest in a resilient future; and forge international partnerships to pursue shared goals. “We must ensure the internet remains open, free, global, interoperable, reliable, and secure -- anchored in universal values that respect human rights and fundamental freedoms,” said Biden.
The strategy seeks two “fundamental shifts,” the State Department said: “rebalancing the responsibility to defend cyberspace and realigning incentives to favor long-term investments.”
The administration has been slow to deliver this strategy, which it has been promising for months, said House Homeland Security Committee Chairman Mark Green, R-Tenn., and House Cybersecurity Subcommittee Chairman Andrew Garbarino, R-N.Y., in a joint statement. They credited Biden for recognizing threats from China and Russia and the need for public-private collaboration. But they criticized the administration’s “desire for more regulation, bureaucracy, and red tape” in the strategy. Former President Donald Trump’s cyber strategy “promoted open, industry driven standards, and risk-based approaches.” They warned against overburdensome and unnecessary regulation from multiple agencies.
House Homeland Security Committee Democrats are “eager to explore opportunities to incentivize security-by-design so that consumers no longer bear the brunt of the rush-to-market,” said ranking member Bennie Thompson, D-Miss., in a joint statement with House Cybersecurity Subcommittee ranking member Eric Swalwell, D-Calif. They applauded the administration’s “aspirations to better coordinate federal efforts to disrupt malicious cyber campaigns, become a more effective security partner to the private sector, and ensure the U.S. is prepared to defend against the threats of the future by investing” in R&D.
The U.S. Chamber of Commerce “looks forward to working with the Administration throughout its implementation of the strategy to ensure that good intentions do not lead to undesirable policy outcomes,” said Senior Vice President-Cyber Christopher Roberti. CTA believes the government “should continue to partner with the private sector and embrace a light-touch regulatory approach that fosters industry-driven best practices for consumer device cybersecurity, not mandates, and recognizes the importance of incentives to accelerate manufacturer adoption, such as liability protections,” said Vice President-Regulatory Affairs David Grossman.
Senate Intelligence Committee Chairman Mark Warner, D-Va., credited the administration's strategy for prioritizing the coordination of cybersecurity incident reporting, after legislation passed in 2022 (see 2203020029). "I’m also glad to see the Administration’s renewed focus on protecting the sensitive medical data and safety of Americans as cyber attacks on our health care systems become more frequent and aggressive," said Warner.