In March 2023, the administration of President Joe Biden announced the National Cybersecurity Strategy to further promote the US’s priorities initiated in the 2018 Comprehensive National Cybersecurity Initiative. Moreover, it developed additional content with notable focuses on mitigating cybersecurity tasks and protecting national interests.
The rapid advancement of digital technology since 2010 has changed the way of interacting, exchanging, and sharing information among nations, regional and international organisations, businesses, and individuals worldwide, facilitating governments, organisations, and individuals in different activities, particularly in social management, production and business, and international integration. Many experts argue that although the trend of globalisation is slowing down in certain fields, such as science and technology and trade and investment, it will continue to “accelerate” in the foreseeable future thanks to digital connectivity. However, digital connectivity also brings negative impacts, affecting the economic, cultural, social, national defence, security, and foreign affairs policies of several countries, such as personal data leaks, copyright and intellectual property infringement, misinformation, hackers penetrating critical infrastructure, especially in areas of national defence, security, and foreign affairs.
Challenges facing the US
In recent years, some US officials have publicly criticised the country for having to deal with many serious cyberattacks that have affected national security, including attacks on electoral processes and the use of ransomware (a type of malicious code) to extort money. To minimise cybersecurity risks, protect national interests, balance the roles and responsibilities between the government and private sector, and advance the nation’s priorities, on 02 March 2023, the administration of President Joe Biden announced the National Cybersecurity Strategy. The Strategy identified security threats to the US from both state and non-state actors, emphasising that countries such as Russia, China, Iran, and North Korea are exploiting cyberspace to pursue goals that are contrary to international standards, posing threats to US interests and security. Furthermore, it asserted that the Russian government has used cyberspace capabilities to interfere in the internal affairs of several countries, undermining the relations between the US and its allies and eroding the “international order”. Meanwhile, North Korea and Iran have developed increasingly sophisticated cyber capabilities, using them to avoid sanctions, generate revenue for their nuclear programmes, and offset economic losses caused by sanctions. This Strategy also regards China as the biggest threat to the US government and businesses, alleging that China has expanded its cyber campaign to “steal” intellectual property and high technology, thus damaging US interests over the past decade.
Additionally, the US government believes that non-state actors and cybercriminal groups also cause damage to the country’s economy amounting to billions of dollars annually. Many cybercriminal groups operating in countries without cooperation mechanisms with the US have posed challenges for US law enforcement agencies. According to an analysis by the online security service Comparitech, ransomware attacks cost US businesses approximately $21 billion from 2018 to 2023. Notably in 2021, the US witnessed an unprecedented cyberattack when hackers penetrated the critical oil pipeline operating system of the Colonial Pipeline company, causing a severe fuel shortage in the Eastern region and forcing this company to pay $5 million to recover 100 gigabytes of important data. In 2022, each US business had to spend around $4.1 million on average for anti-hacker forces.
New adjustments
In response to the aforementioned cybersecurity challenges, the National Cybersecurity Strategy set the goal of strengthening the cybersecurity environment, ensuring criteria that are easy to protect, sustainable, and based on core values. In other words, the US cyberinfrastructure needs to be adjusted to operate more smoothly, efficiently, and cost-effectively in order to minimise the negative impact of cyberattacks or system failures and to reflect core American values such as freedom, safety, and openness. To achieve this goal, the Strategy points out two overarching directions as follows: (1) shifting the responsibility of cybersecurity protection from individuals, small businesses, and local governments to large technology corporations with sufficient resources and capabilities, responsible for building, operating, and maintaining domestic network systems; (2) ensuring that government agencies are ready to invest and intervene to build a durable and easily defendable digital ecosystem in the long term. Enterprises and corporations are required to comply with minimum technology requirements and standards and may be held legally responsible for violations. With these directions, the primary responsibility for US national cybersecurity now lies with technology corporations, while government agencies still play a crucial, leading role in ensuring the security of government networks and supporting the private sector in fulfilling cybersecurity obligations.
To effectively implement the National Cybersecurity Strategy, the administration of Joe Biden prioritises five groups of measures. The first group aims to protect critical infrastructure by establishing mandatory security requirements and standards for vital sectors, promoting public-private cooperation, modernising federal network systems, and updating federal network incident response plans. The second group focuses on neutralising actors (adversaries) posing cybersecurity threats to the US by utilising all national measures and tools, including diplomatic, intelligence, military, financial, and legal measures. Among the risks, ransomware threats are listed as national security threats that the US will use all national measures, tools, and resources, combined with promoting international cooperation, to prevent and dismantle. Currently, Washington has implemented the Counter Ransomware Initiative (CRI) with the participation of over 30 countries to share information and coordinate policies and actions among members. The third group involves government intervention to regulate market dynamics through incentives (subsidies and federal tax incentives) for cybersecurity infrastructure projects that ensure security and resilience. Moreover, the US government assigns legal responsibility to businesses and corporations that fail to manage data properly or provide unsafe technology products and services. The fourth group involves mobilising investments for the future from both the public and private sectors, increasing federal budget allocations for research and development of new-generation cybersecurity technologies, which focus on quantum encryption and the formulation of a national strategy to develop a cybersecurity workforce. 
The fifth group aims to promote international cooperation in two directions: enhancing capabilities for allies and partners to defend themselves against cyber threats and collaborating to address threats, build a cyberspace ecosystem based on shared values, and establish common security standards through existing mechanisms such as the Declaration for the Future of the Internet (DFI), the Quad, the Indo-Pacific Economic Framework (IPEF), and the US-EU International Trade Commission (ITC). Thus, the new Strategy puts more emphasis on the goal of coordinating with “like-minded” countries in establishing a safe and sustainable global digital ecosystem, building “clean” 5G supply chains and new-generation wireless network infrastructures.
According to international researchers, President Joe Biden’s administration’s National Cybersecurity Strategy inherits elements from the Strategy of its predecessor government, such as emphasising the role of cyberspace as a component of national power, leveraging the role and responsibilities of the private sector, investing in science and technology, and enhancing international cooperation. However, there are several new adjustments, notably the addition of the “security” component, demonstrating the administration’s high priority on national security factors, equating cyberattacks with national security threats, and placing greater responsibility on technology businesses and corporations.
Prospects of the Strategy
In reality, the efforts to strengthen and establish new standards and regulations in the field of cybersecurity were implemented early by President Joe Biden’s administration, notably the executive order on cybersecurity standards for US government agencies and software contractors, and the request for federal information technology agencies to provide data related to cyberattacks (May 2021). The fact that administrations of two different presidents have issued strategic documents on the same topic shows that the US considers cyberattacks a severe challenge and identifies them as a long-term “battle”. In July 2023, the White House announced the Implementation Plan for the National Cybersecurity Strategy with many specific initiatives. At the end of October 2023, President Joe Biden signed an executive order requiring the establishment of safety standards for artificial intelligence (AI) technology, which is the first executive order on AI.
Basically, Washington’s new Cybersecurity Strategy, which includes tightening cybersecurity standards for technology corporations and protecting critical infrastructure against attacks from adversaries and major countries, receives support from Congress and the American people. Accordingly, technology corporations are investing more in cybersecurity. This is a crucial foundation signalling favourable conditions for the White House’s efforts to implement this Strategy. However, the US government’s involvement in various fields across different regions has generated opposing forces and fierce competition among major countries, leading to increased and more complex instability in security in general and in US cybersecurity in particular. Additionally, some aspects of this Strategy that require legal changes, especially in establishing legal responsibilities for the private sector, will take considerable time and may face certain hindrances from businesses. Some countries openly oppose the US’s tightened cybersecurity measures and are promoting the construction of their own “ecosystems”. Nonetheless, many experts believe that regardless of whether the Democratic Party or the Republican Party wins the race to the White House, cybersecurity will remain a priority for the US.
Dr. NGUYEN HONG QUANG, Deputy Director of the Americas Department, Ministry of Foreign Affairs