The Biden Administration Thursday unveiled a new cybersecurity strategy that urges tighter regulation of existing practices and stronger collaboration between the government and private sector.
“Our rapidly evolving world demands a more intentional, more coordinated, and more well-resourced approach to cyber defense,” the White House said in a press release. “We face a complex threat environment, with state and non-state actors developing and executing novel campaigns to threaten our interests.”
The plan comes amid a series of high-profile hacking incidents by domestic and foreign cybercriminals.
One of the most urgent cases involved Colonial Pipeline, the major pipeline operator for sending fuel to the East Coast, in May 2021. A ransomware attack by a suspected Russian cybercriminal shut it down for days, sparking shortages at gas stations and subsequent hoarding in multiple states.
Ransomware—the crime in which the perpetrators lock up a company’s computers and demand ransom, usually in cryptocurrency, to unlock the systems—has been an especially lucrative crime in recent year.
However, revenue from ransomware fell to about $457 million in 2022, down from $766 million in 2021, according to data from cryptocurrency-tracking firm Chainalysis. The Treasury Department, however, puts the estimate for 2021—the most recent year for which there is public data—at $886 million.
In January the DOJ announced a major ransomware bust, seizing the website that a notorious gang of hackers called “The Hive” had used to extort more than $100 million from its victims.
The cybersecurity strategy unveiled on Thursday names China and Russia as the most prominent cybersecurity threats to the U.S. One unnamed U.S. official on a call with reporters said, “Russia is serving as a de facto safe haven for cybercrime,” adding that ransomware was a “predominant issue” of American anti-hacking efforts.
Russia does not extradite its citizens, and the White House has struggled to convince the Kremlin to take action against its international cybercriminals.
The new strategy calls for new standards for fixing computer systems’ vulnerabilities, as well as implementing an executive order that would require cloud companies to verify foreign customers’ identities.
The cybersecurity plan is being coordinated by the Office of the National Cyber Director, and the White House said that implementation of the strategy “is already underway.”
Read more exclusive news from Political IQ.