Biden’s new cyber plan: software makers held responsible
Published by Sara Simper, Editorial Assistant, World Pipelines
The Biden administration has recently released an aggressive new national cybersecurity strategy that seeks to shift the blame from companies that get hacked to software manufacturers and device makers, putting it on a potential collision course with big technology companies.
The 35-page strategy asserts that software makers must be “held liable when they fail to live up to the duty of care they owe consumers, businesses or critical infrastructure providers.”
The document also cited recent ransomware attacks that have disrupted pipeline operations, hospitals, schools, government services, and other essential services. One of the most visible of these occurred in 2021: a ransomware attack on the Colonial Pipeline that shut down the pipeline for several days, causing ‘panic at the pump’ and resulting in an East Coast fuel shortage. In the wake of this attack, the administration imposed new regulations on energy pipelines, and this new strategy signals that similar frameworks are likely coming to more industries.
The last time a president laid out a national cybersecurity blueprint was in 2018 under President Donald Trump, and in the five years since, the US has experienced a flurry of high-profile ransomware attacks. Alongside the Colonial Pipeline, they include the SolarWinds supply chain attack that was revealed in December 2020. By compromising SolarWinds' software distribution system, threat actors working on behalf of the Kremlin pushed malware to roughly 18 000 customers who used the network management product. The hackers then sent follow-up payloads to about 10 US federal agencies and about 100 private organisations.
Edgard Capdevielle, CEO of OT, ICS and IoT security company Nozomi Networks, has made the following comment:
"The National Cyber Strategy's non-voluntary requirements for critical infrastructure to increase cybersecurity posture will be met with varying responses from CEOs and Boards alike. While the impetus for a better cyber posture to defend against potential nation-state adversaries is wise and necessary, the ability for these entities to identify the budget and personnel to manage these pieces is going to be difficult. As it is for most companies in this macroeconomic climate. We look forward to working with our US critical infrastructure partners, just as we have with their international counterparts, to meet changing regulatory guidelines with the best defences and visibility possible."
Read the article online at: https://www.worldpipelines.com/special-reports/03032023/bidens-new-cyber-plan-software-makers-held-responsible/