The U.S. is set to embrace a more aggressive approach to cybersecurity

During January, headlines in the U.S documented that ‘the Biden Administration is getting much more aggressive with regards to cybersecurity’. A new policy is set to go beyond the realms of defending against attacks, but instead will empower agencies in the U.S to retaliate and hack into the network of cybercriminals and foreign governments.

The new policy has been outlined in a 35-page document called “National Cybersecurity Strategy” and it is far different from previous papers on similar subjects released in the last 25 years. First, the policy will impose mandatory regulations on many industries in the U.S including banking, finance, telecommunications, energy, water, transportation systems and emergency management services. All of these sectors are critical to the running and organisation of modern day life and society, and operate on connected networks which makes them highly vulnerable to cyberattacks. Secondly, the policy will authorise offensive tactics to be carried out by law enforcement agencies and the U.S. national defense team.

The document states that the goal of the strategy is to ‘make malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States’. A key part of the report is entitled “Disrupt and Dismantle Threat Activities’’. This speaks for itself.

Senior officials at the White House have been working on the new policy for some time.  The U.S government has acknowledged that the guidelines set out by the CISA, which were voluntary, failed to block major intrusions by cybercriminals and foreign governments. It also acknowledged defensive measures had a limited impact in a climate of highly skilled cyber criminals and hackers. The new policy will be supported by the FBI’s National Cyber Investigative Joint Task Force, who will collaborate with relevant U.S agencies to implement the mandatory regulations.

With the new year well and truly underway, cybersecurity remains to be a highly pressing and urgent issue within the U.S.  Not only is the threat to national security high, it also poses greater financial risks.  At the end of January, The Department of Justice in the U.S announced that it ‘dismantled an international ransomware group; known as Hive, that was responsible for  extorting more than $100 million in payments from organizations based in the U.S. and around the world.’ According to Washington, both cyber and ransomware attacks have dramatically increased in the last two years. Due to this, the Biden administration has made it a key priority to counter these risks.

For firms operating in the banking and financial sectors, establishing a robust and solid cybersecurity strategy continues to be imperative in 2023 and beyond. The threat level is high and regulatory requirements are gathering pace.  Now is the time to take action by reviewing your current cybersecurity posture and engage a specialist like RFA to work with you to ensure a future focussed security solution for your IT needs.