By: Paige Hastings

 

 

 

 

On March 2, the Biden-Harris Administration released a new National Cybersecurity Strategy (The Strategy) to create a “safe and secure digital ecosystem for all Americans.”[1] In different contexts, the specific meaning of cybersecurity can vary, but cybersecurity policies are extremely important on the national, local, and individual levels.[2]

The Strategy calls for defending critical infrastructure, disrupting security threats, shaping market forces by allocating responsibilities, investing in a plan for lasting innovation, and creating international partnerships to pursue common technology goals.[3] These actions are meant to handle hacking threats more aggressively, disrupt intruders of U.S. computer networks, and hold companies more accountable.[4] The establishment of minimum security standards could force software manufacturers and technology companies to take on the burden of implementing more secure software and better protect consumers.[5] The heightened accountability would be a significant shift from current insufficiencies in holding technology companies responsible for securing user accounts and information.[6]

The United States’ sectoral approach to technology law means many different cybersecurity laws and regulations create a patchwork of protection.[7] Recent threats from hackers, cyberterrorists, and data breaches have led to an increased examination of the U.S.’s regulatory approach.[8] Instead of calling for omnibus legislation, The Strategy addresses regulatory inadequacies by recognizing the need to renovate existing policies.[9]

The revamp would include building on, harmonizing, and streamlining our to empower the current frameworks’ support of national security and public safety.[10] The Strategy will “use existing authorities to set necessary cybersecurity requirements in critical sectors. … (and) leverage existing cybersecurity frameworks,” such as CISA’s Cybersecurity Performance Goals to accomplish these directives.[11] Implementing existing guidelines, like the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity, will hopefully result in stricter security obligations and could lead to noticeable advancements more quickly.[12] Despite its potential for expediency, the Strategy’s method might be difficult to enforce without a legislative overhaul and before the next presidential election.[13] Existing policies have been criticized for their inability to control large technology and software companies like Meta Platforms, Inc., Amazon.com, Inc., Google, and Apple Inc., so cybersecurity infrastructure may not be equipped to effectuate the goals of responsibility and accountability The Strategy hopes to produce.[14]

Concerns, interest, and public outcries over data security have been increasing.[15] Increased awareness of companies profiting from lax data security systems and personal information, along with high-profile data breaches, has heightened concerns about cybersecurity in the private sector.[16] Data breaches and the subsequent abuse of private information are especially alarming when consumers lack the know-how and power to protect their data.[17] The responsibility for data security must shift from consumers to large, private sector software companies for advancements in consumer data protection.[18] On a national level, awareness of cyberterrorism dangers has also risen due to conflicts with Russia and risks from platforms like TikTok.[19] Americans have been especially captivated by considerations to ban TikTok in response to its potential threats.[20]  Success of The Strategy could prevent taking such drastic and potentially censoring measures by fortifying our national data protection systems.

Effective collaboration will be integral to successfully executing The Strategy and establishing safer internet use for consumers and our nation.[21] The proposed changes involve government regulation, oversight, enforcement, and participation from large companies and the public.[22] Although it may seem like a lofty request, the interconnected nature of modern society coupled with technological developments means that cyber threats are constant, evolving, and not exclusively important to national security. These dangers affect individuals, organizations, and entire societies, making participation on every level not just important but unavoidable.[23] The private sector, its infrastructure, services, and market power, must take proactive steps to safeguard data. Technology and software companies need to shoulder the additional responsibility The Strategy seeks to impose, potentially over economic interests, to improve the storage and protection of consumer information.  Additionally, the public needs better education about cyber risks so that they may take effective protective action. Our government can provide regulatory frameworks, intelligence, and resources for cyber protections, but it cannot do it alone. Only through an alliance with individuals and companies can The Strategy, and its underlying principles, create the strong and resilient cybersecurity ecosystem that we need.

 

 

 

 

 

 

[1] Press Release, The White House, Fact Sheet: Biden-⁠Harris Administration Announces National Cybersecurity Strategy (Mar. 2, 2023)(available at https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/).

[2] Jeff Kosseff, Defining Cybersecurity Law, 103 Iowa L. Rev. 985, 987-989 (2018); See Cybersecurity Act of 2015, Pub. L. No. 114-113, Div. N, § 1(a), 129 Stat. 2935 (codified at 6 U.S.C.A. §§ 1501–10 (West 2016)) (neglecting to set forth a definition for cybersecurity); See What is Cybersecurity?, Cybersecurity & Infrastructure Security Agency: News (Feb. 1, 2021), https://us.norton.com/blog/privacy/privacy-vs-security-whats-the-difference; Jessica Farrelly, High-Profile Company Data Breaches 2023, Electric: Blog (Mar. 7, 2023), https://www.electric.ai/blog/recent-big-company-data-breaches; Christopher Yasiejko, Prisma Labs Sued Over Lensa AI App’s Biometric Data Harvesting, Bloomberg Law: News (Mar. 14, 2023, 7:00 PM), https://www.bloomberglaw.com/product/privacy/bloomberglawnews/privacy-and-data-security/BNA%2000000186c7fbd31ba1afc7ff57430002?bna_news_filter=privacy-and-data-security ; Skye Witley, 2023’s Largest Health Data Breach So Far Brings Legal Flurry, Bloomberg Law: News (Mar. 14, 2023), https://www.bloomberglaw.com/product/privacy/bloomberglawnews/privacy-and-data-security/BNA%2000000186c7fbd31ba1afc7ff57430002?bna_news_filter=privacy-and-data-security; Naureen S. Malik, US Cyber Official says China is ‘Big Threat’ to Energy Industry, Bloomberg Law: News (Mar. 10, 2023, 10:10 AM), https://www.bloomberglaw.com/product/blaw/bloomberglawnews/privacy-and-data-security/XCCTHRIK000000?bc=W1siU2VhcmNoICYgQnJvd3NlIiwiaHR0cHM6Ly93d3cuYmxvb21iZXJnbGF3LmNvbS9wcm9kdWN0L2JsYXcvc2VhcmNoL3Jlc3VsdHMvOWJjODc5MmQ0YzMwZmQ3OGY0OTI4NDg5MjA1NGYyMTAiXV0–eab7eb50a376d38e48393a7a5bf008d82883e40c&bna_news_filter=privacy-and-data-security&criteria_id=9bc8792d4c30fd78f49284892054f210; Russia Cyber Threat Overview and Advisories, Cybersecurity & Infrastructure Sec. Agency, https://www.cisa.gov/russia (last visited Mar. 15, 2023); Press Release, The White House, Statement by President Biden on our Nation’s Cybersecurity (Mar. 21, 2022) (available at https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/).

[3] President Biden, National Cybersecurity Strategy, The White House 4 (Mar. 1, 2023), https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf.

[4] Ben Kochman, 4 Highlights From Biden’s Beefed Up Cybersecurity Strategy, Law360: Analysis (Mar. 2, 2023, 10:20 PM), https://www.law360.com/articles/1581635/4-highlights-from-biden-s-beefed-up-cybersecurity-strategy.

[5] Id.; National Cybersecurity Strategy, supra note 6, at 8-10.

[6] Katrina Manson, Cyber Plan Would Hold Software Makers Responsible in Hacks, Bloomberg Law: Privacy & Data Sec. (Mar. 2, 2023, 3:34 PM), https://news.bloomberglaw.com/privacy-and-data-security/biden-cyber-plan-would-hold-software-makers-responsible-in-hacks.

[7] Janine S. Hiller et al., Cybersecurity Carrots and Sticks, Am. Bus. L. J., (forthcoming 2023) (manuscript at 20-30) (available at https://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID4322819_code354835.pdf?abstractid=4322819&mirid=1); Jeff Kossef, Updating Cybersecurity Law, Hous. L. Rev., (forthcoming 2023) (manuscript at 8-24) (available at https://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID4364356_code3083727.pdf?abstractid=4364356&mirid=1).

[8] Jeff Kosseff, supra note 2, at 1001-1005; Skye Witley et. al., Why TikTok App Bans are Trending Across the US: Explained, Bloomberg Law: Privacy & Data Sec.(Mar. 8, 2023, 5:05 AM), https://www.bloomberglaw.com/product/blaw/bloomberglawnews/privacy-and-data-security/X4IQMABC000000?bc=W1siU2VhcmNoICYgQnJvd3NlIiwiaHR0cHM6Ly93d3cuYmxvb21iZXJnbGF3LmNvbS9wcm9kdWN0L2JsYXcvc2VhcmNoL3Jlc3VsdHMvOWJjODc5MmQ0YzMwZmQ3OGY0OTI4NDg5MjA1NGYyMTAiXV0–eab7eb50a376d38e48393a7a5bf008d82883e40c&bna_news_filter=privacy-and-data-security&criteria_id=9bc8792d4c30fd78f49284892054f210; Christopher Bing, Russian Hackers Preparing New Cyber Assault Against Ukraine – Microsoft Report, Reuters: Technology (Mar. 15, 2023, 3:09 PM), https://www.reuters.com/technology/russian-hackers-preparing-new-cyber-assault-against-ukraine-microsoft-report-2023-03-15/.

[9] National Cybersecurity Strategy, supra note 6, at 5-9.

[10] Id. at 8.

[11] Id.

[12] Id.

[13] Katrina Mason, supra note 8.

[14] Id.

[15] Christopher Brown, Website-Browsing Surveillance Suits Erupt After Appellate Ruling, Bloomberg Law: News (Sept. 23, 2022, 4:45 AM), https://www.bloomberglaw.com/product/blaw/bloomberglawnews/bloomberg-law-news/BNA%20000001836054d422ada7fbf7e0b90001?bna_news_filter=bloomberg-law-news; Brenna Goth, Florida ‘Digital Rights’ Push Big Tech Into DeSantis Culture War, Bloomberg Law: News (Mar. 15, 2023, 5:00 AM), https://www.bloomberglaw.com/product/blaw/bloomberglawnews/bloomberg-law-news/BNA%2000000186cd69dfddabf6efff1d5a0000?bna_news_filter=bloomberg-law-news.

[16] Brenna Goth & Skye Witley, Data Privacy ‘Panoply’ Looms as States Move to Fill Federal Hole, Bloomberg Law: News (Jan., 19, 2023, 5:01 AM), https://www.bloomberglaw.com/product/privacy/bloomberglawnews/bloomberg-law-news/X8ID0VLS000000?#jcite.

[17] Mason Storm, When the Consumer Becomes the Product: Utilizing Products Liability Principles to Protect Consumers from Data Breaches, 29 Rich. J.L. & Tech. 1, 4-11 (2023); Jen Easterly, The Cost of Unsafe Technology and What We Can Do About It, Cybersec. & Infrastructure Sec. Agency: Blog (Mar. 10, 2023), https://www.cisa.gov/news-events/news/cost-unsafe-technology-and-what-we-can-do-about-it.

[18] Id.

[19] Bing, supra note 12; Josh Liberatore, GAO Warns US Gov’t About ‘Catastrophic’ Cyber Risk, Law360: News (June 22, 2022), https://www.law360.com/articles/1504836?scroll=1&related=1; Malik, supra note 4.

[20] Witley et. al., supra note 12; Anna Edgerton, US TikTok Ban Advances in House After Flurry of China Bills, Bloomberg Law: News (Mar. 1, 2023, 10:29 AM), https://www.bloomberglaw.com/product/blaw/bloomberglawnews/bloomberg-law-news/XF40I5JS000000?#jcite.

[21] National Cybersecurity Strategy, supra note 6, at

[22] Id.

[23] Narenda Sharma et. al., Cost and Effects of Data Breaches, Precautions, and Disclosure Laws, 8 Int’l J. Emerging Trends  Soc. Sci. 33, 36 (2020).

 

Image Source: https://www.google.com/url?sa=i&url=https%3A%2F%2Fwww.securitycompass.com%2Fblog%2Fwhite-house-national-cybersecurity-strategy-takes-on-industrys-third-rail%2F&psig=AOvVaw0GUvx07zb0BlqyanViD6ct&ust=1679150033058000&source=images&cd=vfe&ved=0CBAQjRxqFwoTCJifub-X4_0CFQAAAAAdAAAAABAE