Cyberattack

Large Companies Liable for Software Security Weaknesses Under New Cyber Strategy

The White House will publish a national cybersecurity strategy that would hold large companies accountable for failing to take reasonable steps to secure their software. At a recent CyberScoop event, Camille Stewart Gloster, the deputy national cyber director for technology and ecosystem security, said shifting the liability toward larger players that can make systems secure by design will help boost U.S. cybersecurity.

Chris Inglis, who recently retired as national cyber director, is the primary author of the document, CyberScoop reported.

According to a draft of the strategy online magazine Slate obtained, the government would also impose mandatory regulations on critical infrastructure companies in the United States to improve their cyber defense and authorize intelligence and law enforcement agencies to attack the computer networks of criminals and foreign governments in response to their hacking efforts directed at U.S. systems.

The FBI’s National Cyber Investigative Joint Task Force would be in charge of facilitating a continuous campaign to take down hostile networks in coordination with all relevant U.S. agencies. Private companies would also participate in the effort to immediately alert the agencies of potential cyberattacks and help prevent cyber incidents using their technologies.

Ransomware is among the common attack methods cybercriminals use. In 2022, cybersecurity company NordLocker published new research showing that 46 percent of ransomware attacks targeted U.S. companies, with Michigan entities identified as the most affected by such incidents.