Biden team makes cybersecurity a priority for government

By Vincent M. Voci
Vice President, Cyber Policy and Operations
Cyber, Space, and National Security Policy
U.S. Chamber of Commerce

The Biden administration has adopted a strong, proactive approach to cybersecurity policy, recognizing the urgency of protecting the United States from cyberthreats. And for good reason: In 2016, Russian-backed actors conducted intrusions into U.S. political institutions; in January 2021, the United States faced significant cyber risk when a Russian government-backed operation breached the SolarWinds Orion network management software. In response, the Biden administration launched a 100-day sprint to strengthen the cybersecurity of the nation’s industrial control systems for the electricity sector. President Biden also signed Executive Order 14028 on Improving the Nation’s Cybersecurity in May 2021 to safeguard the software supply chain.

EO 14028 requires the U.S. government to define public security measures for critical software, uses the government’s purchasing power to drive enhanced cybersecurity standards into IT systems purchased by the government, and articulates a vision for zero-trust architectures in federal government networks. Another key aspect of the administration’s cybersecurity policy is the focus on addressing ransomware, with the administration publicly vowing to hold ransomware actors accountable.

Congress has passed several notable pieces of legislation, including the Cyber Incident Reporting for Critical Infrastructure Act of 2022, or CIRCIA, which established a mandatory cybersecurity incident reporting program. The U.S. Chamber of Commerce was influential in the congressional negotiations around CIRCIA, advocating for its members’ priorities across timelines, covered entities, substantial incidents and legal liability issues.

The Biden administration’s National Cyber Strategy articulates the whole-of-government, whole-of-society approach to rebalancing responsibilities for defending and securing cyberspace. The NCS communicates a new direction for cyber policy in the United States, starting with the premise that voluntary industry and market forces have failed to adequately invest in cybersecurity, risk management and resilience. Therefore, regulation is required to incentivize industry investment in stepped-up cybersecurity.

Cybersecurity best practices for organizations have remained uniform for years, including risk assessments, security measures, incident response and employee training. However, as the U.S. Chamber found in a recent report, regulation has dramatically increased over the last decade. Midsize businesses should monitor regulations along four categories of cyber public policy risk, including sector-specific cybersecurity regulations (e.g., TSA rail and pipeline, EPA Public Water), incident reporting or public disclosure, common cybersecurity standards (e.g., NIST Cybersecurity Framework, CISA Performance Goals, CISA Security-by-Design and -Default), and state-by-state approaches to cybersecurity regulations (e.g., State of New York Legislation A.3904B/S.5579A). Given that cyber risk from threat actors has steadily increased over the same period, according to the U.S. Chamber’s analysis, there is a significant growing risk to businesses from public policy, such as changes to laws, regulations or legal enforcement.

While there is a growing willingness by both political parties in Washington to pursue aggressive policy changes through regulation, the U.S. Chamber is committed to working alongside policymakers to ensure that good intentions do not lead to undesirable policy outcomes.

Let’s Talk!

Call us at (325) 677-6251 or fill out the form below and we’ll contact you to discuss your specific situation.

  • Topic Name:
  • Should be Empty:

This article was written by RSM US LLP and originally appeared on May 18, 2023.
2022 RSM US LLP. All rights reserved.
https://rsmus.com/insights/economics/biden-team-makes-cybersecurity-a-priority-for-government.html

RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each is separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/about us for more information regarding RSM US LLP and RSM International. The RSM logo is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.