Is President Biden’s National Cybersecurity Strategy a good idea?

In this Help Net Security video, Kurtis Minder, CEO of GroupSense, discusses President Biden’s National Cybersecurity Strategy, designed to take the nation’s cybersecurity posture to the next level.

While the strategy promises to make it much easier for government agencies to launch offensive cyberattacks on adversaries, it betrays why the U.S. has fallen behind modern cyber threats.

It’s important to remember that the U.S. started serious offensive cyber operations with Stuxnet in 2010. Since then, the U.S. has engaged in increasing offensive attacks, but the Biden strategy promises to expand them.

Unfortunately, this approach is misguided – the solution to cyberattacks is a stronger defense (boring but effective), not more offense (sexy but ineffective). The reasons for this are legion – ranging from “How realistic is an offense?” when attribution of attacks is so hard (you’d better be sure of attribution before launching an attack!) to the reality that most cyber compromises are because of bad cyber hygiene, not because of a lack of direct response.