We’ve previously talked about how Joe Biden and the White House have made bold proclamations about their stance on cybersecurity. Unfortunately, they’ve been slow to act on their promises. And in the meantime, American companies continue to suffer huge breaches.
The Biden administration has recently started paying more lip service to increased cybersecurity. Let’s hope they’re for real this time.
Joe Biden Sounded Serious About Cybersecurity
Not long after one of the biggest hacks our country has ever seen against software company SolarWinds, then-president Donald Trump tried to downplay the situation by saying everything was “well under control.”
He was wrong. Things were not under control. In fact, months later, we’re still calculating the fallout from the Russian-sponsored attack.
Check out this video detailing the breach:
Naturally, when Joe Biden took office, he talked about a big game about how he would be different than Donald Trump since that was his basic platform as a candidate.
Biden said that Trump “failed to prioritize cybersecurity.” When he took office, Biden proposed to dedicate $9 billion toward cybersecurity. He also detailed the need to hire a ‘leader’ to head the cybersecurity branch of the government.
Trump was out, Biden was in, and everything seemed to be on the up and up for our nation’s cybersecurity.
And then, earlier this March, Microsoft announced that it was hit with an attack that’s potentially even more devastating than the SolarWinds hack.
And government watchdog Government Accountability Office (GAO) reported that federal cybersecurity has “regressed” since 2019. Specifically, the GAO found that the U.S. lacked in cybersecurity ‘leadership commitment’ and that it was missing ‘important characteristics’ found in Trump’s plans.
One of those characteristics was an officially appointed central leader. Biden’s White House established such a position in January but, at the time of the GAO’s report in March, had yet to fulfill it.
The White House Is Trying New Things
According to The Washington Post, the White House is “ramping up coordination with the private sector” to address the recent attacks.
A senior administration official told The Post:
We still believe that public-private partnership is foundational in cybersecurity and we want to ensure we’re taking every opportunity to include key private-sector participants early and directly in our remediation efforts.
The White House is considering several possibilities for potential solutions. One includes a rating system for software. This idea has been pushed by Congress’s Cyberspace Solarium Commission and several industry groups.
The Biden administration is also weighing the idea of passing legislation that would require home devices to come with security labels.
It’s not exactly clear how either of these options would prevent a breach similar to the SolarWinds attack, but the senior official said that executive orders on both options are forthcoming. The administration has also hinted at some sort of ‘retaliation’ against hostile actors.
One thing seems clear: the government is not looking to increase surveillance of U.S. internet traffic. The official told The Washington Post that the current regime is not looking to expand domestic surveillance as it would likely face backlash from privacy advocates.
Unfortunately, places like China, which is believed to be behind the Microsoft attack, aren’t encumbered by ‘privacy advocates.’
It’s no easy job to thread the needle of protecting America and allowing its citizens privacy. Hopefully, the Biden administration can find the right angle of attack; and then act on it.
Featured image by archna nautiyal from Shutterstock.