The Biden-Harris administration has relentlessly focused on improving the cyber defenses of the United States, creating a comprehensive approach to “locking our digital doors” and taking aggressive actions to strengthen and secure our nation’s cybersecurity, including:
- Improving the cybersecurity of our critical infrastructure. Most of our nation’s critical infrastructure is owned and operated by the private sector. The administration has worked closely with key sectors — including transportation, banking, water and healthcare — to help stakeholders understand cyber threats to critical systems and adopt minimum cybersecurity standards. It includes multiple performance-based directives by the Transportation Security Administration (TSA) to increase cybersecurity resilience for the pipeline and rail sectors, as well as address cyber requirements for the aviation sector. Through the President’s National Security Memorandum 8 to Improve Cybersecurity for Critical Infrastructure Control Systems, we are issuing cybersecurity performance goals that will provide a baseline to drive investments toward the most important security outcomes. We will continue to work with critical infrastructure owners and operators, sector by sector, to accelerate rapid cybersecurity and resiliency improvements and proactive measures.
- Ensuring the new infrastructure is smart and secure. President Biden’s Bipartisan Infrastructure Act is an investment to modernize and strengthen our nation’s infrastructure. The administration is ensuring that these projects, such as expanding the nation’s network of electric-vehicle charging stations, are built to last, meeting modern standards of safety and security, including cyber defenses. Investments in digital security through the Bilateral Infrastructure Act (BIL) will also bring high-speed internet to underserved parts of the country, while also bridging the digital divide. Also at BIL, the administration launched a first-of-its-kind cybersecurity grant program specifically for state, local and territory (SLT) governments across the country. The State and Local Cyber Security Grant Program will provide SLT partners with $1 billion in funding over four years, with $185 million available for fiscal year 2022, to support SLT efforts to address cyber risks to their information systems and critical infrastructure.
- Strengthening the federal government’s cybersecurity requirements and raising the bar through government purchasing power. Through the President’s Executive Order on Improving the Nation’s Cybersecurity issued in May 2021, President Biden enacted effective cybersecurity measures for all federal government systems, such as requiring multifactor authentication. The administration also released a strategy for budget guidance for implementing a federal zero trust architecture, as well as ensuring that federal agencies align resources to our cybersecurity goals. We are using the federal government’s purchasing power to improve the cybersecurity of products for the first time by requiring security features in all software purchased by the federal government, which improves security for all Americans.
- Combating Ransomware Attacks to Protect Americans Online. In 2021, the administration established the International Counter-Ransomware Initiative (CRI), which brought together partners around the world to combat the ransomware crisis. The White House will host international partners October 31-November 1 to accelerate and broaden this joint work. The group has increased collective resilience, engaged the private sector and disrupted criminal actors and their infrastructure. The United States has made it harder for criminals to move illicit money, approving a series of cryptocurrency mixers routinely used by ransomware artists to collect and “clean” their ill-gotten gains. Many cybercriminals have been successfully extradited to the US to face justice for these crimes.
- Working with allies and partners to deliver a safer cyberspace. In addition to launching the International Counter Ransomware Initiative, the administration has established cyber dialogues with allies and partners to build collective cyber security, build coordinated responses, and develop cyber deterrence. We are taking this work to our most important alliances – for example, establishing a new virtual rapid response mechanism within NATO to ensure that allies can effectively and efficiently support each other in responding to cyber incidents.
- Imposing costs on malicious actors and strengthening our security. The Biden-Harris administration has not hesitated to respond forcefully to malicious cyber actors when their actions threaten American or our partner interests. In April of 2021, we sanctioned Russian cyber actors affiliated with Russian intelligence services in response to the SolarWinds attack. We worked with allies and partners to attribute the devastating hack of the Viasat system to the start of Russia’s war in Ukraine.
- Implementing internationally accepted cyber norms. The administration is committed to ensuring the implementation of internationally negotiated rules to establish cyber “rules of the road.” Most recently, we worked with international partners to condemn Iran’s counter-attack on Albanian government systems and impose costs on Tehran for this legislation.
- Developing a new label to help Americans know their devices are safe. This month, we will bring together companies, organizations and government partners to discuss the development of labels for Internet of Things (IoT) devices so that Americans can easily identify which devices meet the highest cybersecurity standards to protect against hacking and other cyber vulnerabilities. By developing and rolling out a common label for products that meet US government standards and are tested by verified and accredited organizations, we will help American consumers easily identify safe technologies to bring into their homes. We’re starting with the most common, and often riskiest, technologies — routers and home cameras — to deliver the biggest impact, the fastest.
- Building the nation’s cyber workforce and strengthening cyber education. The White House hosted the National Cyber Workforce and Education Summit, which brought together leaders from across government and the cyber community. At the summit, the administration announced a 120-day cybersecurity apprenticeship sprint to help provide skills-based pathways into cyber jobs. Building on the momentum of the summit, the administration is working with partners across society to build our nation’s cyber workforce, improve skills-based pathways to good-paying cyber jobs, educate Americans so they have the skills to thrive in our increasingly digital society, and promote diversity, equity, Improving Inclusion and Accessibility (DEIA).
- Protecting the future – from online commerce to national secrets – By developing quantum-resistant encryption. We all rely on encryption to help protect our data from compromise or theft by malicious actors. Advances in quantum computing threaten that encryption, so this summer the National Institute of Standards and Technology (NIST) announced four new encryption algorithms that will become part of NIST’s post-quantum cryptographic standards, expected to be finalized in about two years. These algorithms are the first group of encryption tools designed to withstand attacks from future quantum computers, which could potentially crack the security used to protect privacy in the digital systems we rely on every day, such as online banking and email software.
- Developing our technological edge through the National Quantum Initiative and issuing National Security Memorandum-10 (NSM-10) to promote United States leadership in quantum computing while reducing risks to vulnerable cryptographic systems. The initiative doubled the United States government’s research and development (R&D) investment in quantum technology, creating new research centers and workforce development programs across the country. NSM-10 prioritizes US leadership in quantum technology by advancing R&D efforts, forming significant partnerships, expanding the workforce, and investing in critical infrastructure; will move the nation to quantum-resistant cryptography; And it protects our investments, companies, and intellectual property as this technology evolves so that the United States and our allies can benefit from advances in this new field without harm from those who would use it against us.