Biden’s national cyber strategy to move risk from end users to technology producers

The Biden administration’s long-awaited national cyber strategy calls for “fundamental shifts” in how the U.S. will protect itself in cyberspace, a senior official told the Munich Cyber Security Conference on Thursday.

Kemba Walden, the acting national cyber director, said the new strategy will entail a move to lift the “responsibility for cybersecurity risks… off of end users and put it on to producers.” It would also entail shifting the burden from state governments to the federal level. 

Speaking in a fireside conversation with former Cybersecurity and Infrastructure Security Agency head Chris Krebs, Walden’s comments shed light on the delayed strategy, which was announced by the recently departed cyber chief Chris Inglis. Walden took over as acting director on Wednesday.  

Walden said the plan would “hopefully” be published soon but cautioned that “the strategy is only as good as the implementation plan.” She characterized it as “forward-leaning and quite bold.”

“We’ve been playing whack-a-mole for a long time. We’ve been allowing the adversary in a lot of ways to set our agenda. This is our opportunity now to get in front of that,” she said. 

“And then what do you do with that residual risk? We have to incentivize long-term strategic investment. That means ensuring that the technology, the people, and the process remain resilient, remain reliable, and remain safe.”