The White House on Thursday announced a new cybersecurity strategy in the latest effort by the U.S. government to bolster its cyber defences amid a steady increase in hacking and digital crimes targeting the country.
The strategy, which is intended to guide future policy, urges tighter regulation of existing cybersecurity practices across industries and improved collaboration between the government and private sector.
It comes after a series of high-profile hacking incidents by domestic and foreign actors against the United States and amid the military conflict between Russia and Ukraine, in which cyber warfare has featured prominently.
The strategy names China and Russia as the most prominent cybersecurity threats to the United States. On a call with reporters, a U.S. official who declined to be named, said part of the new strategy was aimed at reining in Russian hackers.
“Russia is serving as a de facto safe haven for cybercrime, and ransomware is a predominant issue that we’re dealing with today,” the official said.
Ransomware attacks, in which cyber criminal gangs seize control of a target’s systems and demand ransom payments, are among the most common type of cyber attacks and have impacted a wide range of industries in recent years.
“The criminal justice system isn’t going to be able to on its own address this problem – we do need to look at other elements of national power,” the official added. “So we’re hopeful that Russia understands the consequences of malicious activity in cyberspace, and will continue to be restrained.”
The strategy calls for building coalitions with foreign partners “to create pressure on Russia and other malicious actors to change their behaviour,” said a second U.S. official on the call, who also declined to be named.
“I think we’ve seen some success in sustaining those coalitions over the last year,” the official added.
Among a range of things, the strategy calls for improving standards of patching vulnerabilities in computer systems, and implementing an executive order that would require cloud companies to verify the identity of foreign customers.