El gobierno de EE. UU. lanz\u00f3 recientemente su muy anticipada Estrategia Nacional de Ciberseguridad , impulsando la regulaci\u00f3n obligatoria sobre los proveedores de infraestructura cr\u00edtica y dando luz verde a un enfoque m\u00e1s agresivo de ‘hack-back’ para tratar con adversarios extranjeros y actores de ransomware.<\/p>\n
The U.S. government released its widely anticipated\u00a0National Cybersecurity Strategy<\/strong>\u00a0on Tuesday, pushing mandatory regulation on critical infrastructure vendors and green-lighting a more aggressive \u2018hack-back\u2019 approach to dealing with foreign adversaries and ransomware actors.<\/p>\n As previously reported, the White House plans to use regulation to \u201clevel the playing field\u201d and\u00a0shift liability to organizations<\/a>\u00a0that fail to make reasonable precautions to secure their software.<\/p>\n \u201c[While] voluntary approaches to critical infrastructure cybersecurity have produced meaningful improvements, the lack of mandatory requirements has too often resulted in inconsistent and, in many cases inadequate, outcomes,\u201d the document argues, calling for a dramatic shift of liability \u201conto those entities that fail to take reasonable precautions to secure their software.\u201d<\/p>\n \u201cIn setting cybersecurity regulations for critical infrastructure, regulators are encouraged to drive the adoption of secure-by-design principles, prioritize the availability of essential services, and ensure that systems are designed to fail safely and recover quickly. Regulations will define minimum expected cybersecurity practices or outcomes, but the Administration encourages and will support further efforts by entities to exceed these requirements,\u201d the strategy document argues.<\/p>\n The federal government plans to use existing authorities to set \u201cnecessary cybersecurity requirements in critical sectors\u201d and where there are legal gaps around authority, the White House plans to work with Congress to close them.<\/p>\n The strategy, divided by five pillars, seeks to:<\/p>\n The strategy also gives high-level authorization to law enforcement and intelligence agencies to \u201cdisrupt and dismantle threat actors,\u201d including foreign APT campaigns and data-extortion ransomware groups.<\/p>\n \u201cDisruption campaigns must become so sustained and targeted that criminal cyber activity is rendered unprofitable and foreign government actors engaging in malicious cyber activity no longer see it as an effective means of achieving their goals,\u201d the White House stressed, noting that the federal government will increase the speed and scale of information sharing to proactively warn of looming threats.<\/p>\n \u201cThe Federal Government will work with cloud and other internet infrastructure providers to quickly identify malicious use of U.S.-based infrastructure, share reports of malicious use with the government, make it easier for victims to report abuse of these systems, and make it more difficult for malicious actors to gain access to these resources in the first place,\u201d it added.<\/p>\n The aggressive strategy is meant to preemptively \u201cdisrupt and dismantle\u201d hostile networks by authorizing U.S. defense, intelligence, and law enforcement agencies to hack into the computer networks of criminals and foreign governments.<\/p>\n The White House is also discouraging the payment of data-extortion ransoms to cybercriminals, arguing that \u201cthe most effective way to undermine the motivation of these criminal groups is to reduce the potential for profit.\u201d<\/p>\n \u201cOur goal is to make malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States,\u201d the strategy says.<\/p>\n\n