The US government is set to publish a cybersecurity strategy document endorsing mandatory regulations on critical infrastructure providers and emphasizing a more aggressive ‘hack-back’ approach to dealing with hackers
The Biden administration is reviewing the final details of a 35-page national cyber security strategy that will use regulation to “level the playing field” in national security.
Voluntary approaches to critical infrastructure cybersecurity have brought significant improvements, but the lack of mandatory requirements has too often resulted in inconsistent, and in many cases, unsatisfactory results.
The strategy, created by the Office of the National Cyber Administrator (ONCD), also gives high-level authorization to law enforcement and intelligence agencies to break into the hacker’s network to prevent attacks or respond to APT campaigns.
According to the draft copy, the aggressive strategy is intended to “disrupt and dismantle” hostile networks in advance by allowing US defense, intelligence and law enforcement agencies to break into the computer networks of hackers and foreign governments.
The goal is for hackers to be unable to mount sustained cyber-based campaigns that threaten the national security or public safety of the United States.
The strategy document goes deeper, assigning the work to the FBI’s National Cyber Investigation Task Force working in conjunction with all relevant US agencies.
The strategy is expected to be signed by President Biden “in the coming weeks”.