Biden National Cybersecurity Strategy May be a Pitfall of Liability for Private Sector
As the Biden administration attempts to moves forward with its National Cybersecurity Strategy, private businesses are facing an increased risk of liability. The strategy, which was announced in March of this year, outlines a new approach to improving the security of cyber-networks that could have serious implications for those operating within the private sector. While the strategy has the potential to benefit companies by increasing their overall security and protecting customer data, it also leaves them open to potential liability if they fail to adhere to the standards outlined.
This Strategy seeks to build and enhance collaboration around what they are branding “the five pillars,” which are:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships to Pursue Shared Goals
To these ends, the strategy calls for increased regulation of private companies, including new requirements for them to report cyber-attacks or other security incidents. It also seeks to create a “common security framework” across all sectors, which could mean increased costs for companies in terms of implementing new technologies and practices.
At the same time, the strategy does not provide any explicit legal protection for private companies that are found to be non-compliant with its standards, as of yet. This raises the possibility that companies could be held liable for any damages resulting from a cyber-attack or data breach.
National Cybersecurity Efforts Risks & Liabilities
The Biden administration has acknowledged the potential liability risks, but it is unclear how they will address them in the future. In the meantime, businesses should remain vigilant by regularly evaluating their cybersecurity practices and taking steps to ensure compliance with the National Cybersecurity Strategy’s standards. Doing so can help to minimize the risk of potential liability, as well as protect their customers’ data and assets.
As businesses work to protect themselves from potential liability, the National Cybersecurity Strategy offers a set of guidelines for achieving a higher level of security. These include maintaining strong authentication and encryption measures, regularly monitoring for malicious activity, and implementing strategies to prevent data breaches. In addition, companies should invest in employee training to ensure that all staff members are aware of their responsibilities and the importance of following security protocols.
In the public sector, the administration has submitted a $3.1 billion expenditure request for the Cybersecurity and Infrastructure Security Agency (CISA), an increase of 22% from last year, to implement this strategy and fund other security-based initiatives.
The National Cybersecurity Strategy is being billed as an important step towards improving the security of our nation’s networks. However, the potential for liability remains a concern for businesses operating in the private sector. As such, companies should remain vigilant and take steps to protect themselves from any potential legal ramifications as a result of new mandated protocols.