The White House revealed a new cybersecurity plan on Thursday, the latest move by the US government to strengthen its cyber defenses in the face of an upsurge in hacking and digital crimes against the country.
The strategy, which is meant to guide future policy, calls for tighter regulation of existing cybersecurity practices across industries as well as increased collaboration between the government and the private sector.
It follows a slew of high-profile hacking events against the US by local and international players, as well as the military conflict between Russia and Ukraine, in which cyber warfare has played a key role.
According to the strategy, China and Russia are the most significant cybersecurity dangers to the United States. On a conference call with reporters, a US official who declined to be identified claimed that part of the new plan was geared at containing Russian hackers.
“Russia is serving as a de facto safe haven for cybercrime, and ransomware is a predominant issue that we’re dealing with today,” the official said.
Ransomware attacks, in which cybercriminal gangs seize control of a target’s systems and demand ransom payments, are among the most common types of cyber attacks and have impacted a wide range of industries in recent years.
“The criminal justice system isn’t going to be able to on its own address this problem – we do need to look at other elements of national power,” the official added. “So we’re hopeful that Russia understands the consequences of malicious activity in cyberspace, and will continue to be restrained.”
The strategy calls for building coalitions with foreign partners “to create pressure on Russia and other malicious actors to change their behavior,” said a second U.S. official on the call, who also declined to be named.
“I think we’ve seen some success in sustaining those coalitions over the last year,” the official added.
Among a range of things, the strategy calls for improving standards of patching vulnerabilities in computer systems, and implementing an executive order that would require cloud companies to verify the identity of foreign customers.
