With the beginning of the new year, the Biden Administration seems to be checking its list of resolutions from last year and has floated indications that its National Cyber Strategy is coming. According, to news accounts, we should see the new strategy in the next few months.
But, more importantly, the Administration is signaling that they will support regulations requiring baseline cybersecurity much like agencies in the Department of Transportation have already done with respect to pipelines and some rail entities. And, such regulatory requirements are nothing new to some sectors of the U.S. economy like the nuclear industry, large electric utilities, financial services firms, and the defense industry. However, should the Biden Administration actually follow through, this would mark a sea change in U.S. cybersecurity policy, one that would track in some respects with recent changes to European Union policy. Of course, some would point out that it is not so much a sea change as a return to the thinking of some during the first term of the Obama Administration as evidenced in the cybersecurity package Senators Joe Lieberman (I-CT), Susan Collins (R-ME), and Tom Carper (D-DE) could not quite get out of the Senate.
Of course, the Trump Administration published its National Cyber Strategy in 2018, the first update of the Bush Administration’s 2003 National Strategy to Secure Cyberspace. Understandably, the Biden Administration has different policies from the previous White House. Additionally, the new strategy may even rewrite the Obama Administration’s Presidential Policy Directive 21 that sought to reform how the U.S. government addressed cybersecurity.