White House Releases New National Cybersecurity Strategy

The Biden Administration has released its 2023 National Cybersecurity Strategy, which is designed to protect public safety, national security and economic prosperity. The Strategy targets exploitation by malicious cyber actors and states of U.S.-based cloud infrastructure, domain registrars, hosting and email providers, and other digital services. The federal government will work with cloud and other internet infrastructure providers to identify malicious use of U.S.-based infrastructure, share information, ease reporting of abusive activities, and protect resources from bad actors.

The Strategy identifies five main areas of focus:

    • Defending Critical Infrastructure
    • Disrupting and Dismantling Threat Actors
    • Shaping Market Forces to Drive Security and Resilience
    • Investing in a Resilient Future
    • Forging International Partnerships to Pursue Shared Goals

Other policies include shifting the burden for cybersecurity away from individuals and small organizations to organizations that are better positioned to reduce risks; realigning incentives to favor long-term investments in resilience, security, and new technologies; and striking a balance between defending the country against urgent threats and planning for and investing in a resilient future.

The Strategy asks Congress for help in several areas, such as bridging the gaps in statutory authorities to set minimum cybersecurity requirements or mitigate related market failures; imposing clear limits on the ability to collect, use, transfer, and maintain personal data and provide strong protections for sensitive data; setting national security requirements to secure personal data consistent with standards set by the National Institute of Standards and Technology; and establishing liabilities for software products and services that fail to provide the duty of care owed to consumers.

The Strategy directs the Office of the National Cyber Director – in cooperation with the Office of Management and Budget and other interagency partners – to publish a plan to set out the federal effort that will be necessary to achieve the Strategy’s objectives. The National Security Council will oversee these efforts.

If you have questions about the National Cybersecurity Strategy or its impact on your business, contact an attorney in our Privacy, Data Protection, and Cybersecurity practice group.