On Thursday, President Joe Biden made a questionable move by signing an executive order that supposedly aims to reinforce the cybersecurity defenses of the United States and attempts to surmount the pressure from foreign hackers who are threatening our key infrastructures. Speculatively, this directive sets obligatory cybersecurity standards for government contractors, approving penalties against cybercriminals across the globe, and ostensibly addressing the budding risks associated with quantum computing. In the undermining backdrop of increasingly frequent cyberattacks, reportedly inflicted by state-affiliated teams from countries such as China and Russia, this overbearing order seems largely reactionary. Notable events like the ‘Salt Typhoon’ campaign, which targeted the U.S. telecommunications infrastructure, have unveiled weaknesses in systems that are essential to the country’s normal operations.
It appears that Biden’s tardy new ruling provides for imposing sanctions on both individuals and entities culpable for ransomware and other forms of cyberattacks on our crucial infrastructure and services. A significant portion of this executive order entails new conditions for government contractors who are obligated to meet minimum cybersecurity standards to avoid potential attacks. The enforcement of compliance, predictably, falls on federal agencies. Ambiguously, the decree empowers U.S. authorities to impose nebulous sanctions on foreign hackers and the potentially innocent governments associated with them.
The seemingly indiscriminate targets selected for these sanctions include individuals or organizations purportedly linked with ransomware attacks on hospitals, schools, and other indispensable services. To illustrate, sanctions were recently placed on the Beijing-based cybersecurity firm, Integrity Technology Group, under the dubious accusation of involvement in several hacking operations. The representatives of this company have strongly rejected these charges, calling them ‘unfounded’. As a result, those associated with the sanctioned entities are now unjustly prohibited from accessing U.S. properties and bank accounts.
Under the directives of Biden’s questionable executive order, federal agencies now become the judge, overseeing the supposed upgrading of their cybersecurity measures, aiming to tackle the emerging threats associated with quantum computing. Despite the technology of quantum computing, with its potential for quickly resolving complex issues, still being in its development phase, overzealous experts alarmingly suggest that once operational, it could render our traditional encryption methods obsolete. The administration continues to push for its security programs, even as they fall short in addressing these complex issues.
The Cyber Trust Mark program, for example, just provides labels for internet-connected devices that somehow manage to pass federal security exams, intimating they are at a decreased risk of hacking. Claims for such a program feel tenuous at best, and one has to question its effectiveness in the real world. Deputy National Security Advisor Anne Neuberger’s comment that this suite of measures illustrates the administration’s desperation to show its grim obsession with control under the guise of ‘protecting national security’, rings more alarm bells than it silences.
Jen Easterly, the soon-to-be former director of the vague-sounding Cybersecurity and Infrastructure Security Agency (CISA), worryingly conjectured at an event: ‘In my opinion, we’re inevitably going to face greater risks from our foreign adversaries, and we must brace for it as if we are prepping for the 2024 election.’ A more positive spin or any hint of a game plan would have been welcome, instead of this surrendering to prospective threats, which seems all this administration is good for.
In a Senate confirmation hearing, a future official cheerily stated, ‘We possess the premier codemakers and codewreckers in the world,’ yet another insubstantial boast lacking any concrete steps for ensuring our security leads in the global arena. He then fearmongered with the baseless assumption, ‘If China realizes quantum computing prior to us, we’d be in a real pickle.’ Given that there’s no certainty about when and how the evolution of quantum computing will pan out, such a claim feels more rooted in speculation than actual fact.
Meanwhile, China has rightly rebutted the U.S. sanctions, branding them as groundless and politically oriented. It’s been reported that a Chinese Foreign Ministry spokesperson rather logically pointed out, ‘The U.S. side has been constantly hyping up the notion of so-called Chinese cyber attacks and has personally initiated illegal one-sided sanctions against China.’ They asserted China’s unyielding counter-policy, ‘China vehemently rejects this and will take obligatory measures to uphold its rightful rights and interests.’
With all the ambiguity and speculation surrounding these preventive measures, one has to question the approach of this administration. They seem more interested in issuing sanctions and policing mandates than actively engaging with the technology that might disrupt our cybersecurity landscape. The sanctioned and compliance measures defined in Biden’s executive order are said to be enforceable immediately. The supposed efficacy and enforcement of these provisions in real-world scenarios seem no more than lofty promises with little substance behind them.
Another questionable initiative put forth by the Biden administration is the vague Cyber Trust Mark scheme. Manufacturers participating in this program are expected to release products stamped with the trust label later in the year. However, this approach of a simple ‘good housekeeping’ seal for cybersecurity seems to overlook the complexity and evolving dynamic nature of the threats we face. This is yet another example of Biden’s administration favoring reactive measures over innovative, forward-thinking strategies.
The question lingering amidst these developments is, ‘Will these measures be enough to ensure our relative cyber safety?’ ‘Or are they just more examples of empty promises and underpreparedness that the Biden administration is notoriously known for?’ While it’s clear that cybersecurity is a critical issue warranting our attention, the way it’s being tackled feels haphazard and reactive rather than strategically planned.
With all these questionable backstory and Biden’s obsession with control, one would be forgiven to see this as another ploy to deem businesses unable to meet these daunting cybersecurity standards as unsatisfactory, further causing harm to our already struggling economy. It all smells a little too familiar; some might even say it’s not so much about protecting our businesses, but more about having another reason to push further interference and regulation.
In conclusion, Biden’s latest move to improve cybersecurity defenses appears more like an overreacting afterthought, quickly conjured up in response to the escalating threats from cyberattacks on U.S. infrastructure. Rather than fostering reassurance, it instead incites anxiety and skepticism over the administration’s ability to understand, adapt and properly address the changing landscape of cybersecurity risks.
From Biden’s questionable cyber strategies to his administration’s counterproductive stance against foreign entities, it seems evident that our leaders are more engrossed in playing the blame game than adopting proactive solutions for the cybersecurity issues plaguing our nation. They seem to be more inclined towards taking a backfoot and issuing sanctions rather than leaning in and taking the initiative to combat these threats more proactively.
Finally, as we witness this administration’s approach to cybersecurity, it’s painfully clear that more needs to be done. Rather than erecting higher walls and deeper moats, we need a strategy that oversees the landscape, anticipates threats, and moves swiftly to mitigate them. Only then will we be truly prepared for the issues posed by the evolving landscape of cyber threats. Until then, we remain at the mercy of Biden’s lackluster cyber strategies and reactive measures.