Biden administration wants to hold companies liable for bad cybersecurity
The Biden administration on Thursday pushed for new mandatory regulations and liabilities to be imposed on software makers and service providers in an attempt to shift the burden of defending US cyberspace away from small organizations and individuals.
“The most capable and best-positioned actors in cyberspace must be better stewards of the digital ecosystem,” administration officials wrote in a highly anticipated documenting an updated National Cybersecurity Strategy. “Today, end users bear too great a burden for mitigating cyber risks. Individuals, small businesses, state and local governments, and infrastructure operators have limited resources and competing priorities, yet these actors’ choices can have a significant impact on our national cybersecurity.”
Increasing regulations and liabilities
The 39-page document cited recent ransomware attacks that have disrupted hospitals, schools, government services, pipeline operations, and other critical infrastructure and essential services. One of the most visible such attacks occurred in 2021 with a ransomware attack on the Colonial Pipeline, which delivers gasoline and jet fuel to much of the southeastern US. The attack shut down the vast pipeline for several days, prompting fuel shortages in some states.