The White House unveiled its National Cybersecurity Strategy Thursday, reclassifying ransomware attacks as a national security threat and holding tech firms responsible for building software that can withstand malicious actors, amid rising cyber threats against critical infrastructure across the country.
In a 38-page document, the White House said voluntary cybersecurity measures in place today have produced “inadequate and inconsistent outcomes” as it calls for stronger regulation to protect “critical infrastructure.”
The document classifies ransomware attacks as a “threat to national security, public safety, and economic prosperity,” adding that these attacks are being carried out by malicious actors from “safe havens like Russia, Iran, and North Korea.”
The U.S. government will now employ “all elements of national power” to counter the threat of ransomware attacks including “disruption campaigns” directly targeting malicious actors.
The strategy also shifts the burden of dealing with cyber threats from consumers and small businesses to tech companies that offer software, systems and services.
The roadmap, if adopted into law, would likely make tech firms liable for any vulnerability in their code that leads to a cyberattack.
The White House document also calls out the governments of China, Russia, Iran, North Korea” and other autocratic states” for their “reckless disregard for the rule of law and human rights in cyberspace.”
The administration says cyber attacks originate from multiple adversarial nations, but it singles out China as the biggest threat. “The People’s Republic of China (PRC) now presents the broadest, most active, and most persistent threat to both government and private sector networks and is the only country with both the intent to reshape the international order and, increasingly, the economic, diplomatic, military, and technological power to do so.”
The U.S. has been hit by a series of major cyberattacks targeting critical infrastructure, food suppliers, hospitals and even schools in recent years. One of the most high-profile attacks occurred in 2021 when a Russia-based cybergroup targeted the Colonial Pipeline, a critical pipeline system that carries gasoline and jet fuel across the eastern United States from Houston. The hackers were paid a ransom of $4.4 million by the company to restore operations on the critical pipeline. JBS Foods, the country’s largest meat processing company was also hit by a major cyber attack in 2021. In response to the two major attacks, President Joe Biden issued an executive order to boost national cybersecurity.