US unveils new cyber security strategy with tougher regulations

By Suzanne Smalley

(Reuters) – The White House on Thursday announced a new cybersecurity strategy in the latest effort by the U.S. government to strengthen its cyber defenses amid a continued rise in hacking and digital crimes targeting the country.

The strategy, which is intended to guide future policy, calls for stricter regulation of existing cybersecurity practices across industries and improved collaboration between government and the private sector.

It comes after a series of high-profile hacking incidents by domestic and foreign actors against the United States and amid military conflicts between Russia and Ukraine, where cyber warfare has featured prominently.

The strategy identifies China and Russia as the most prominent cybersecurity threats to the United States. In a call with reporters, a U.S. official, speaking on condition of anonymity, said part of the new strategy was aimed at reining in Russian hackers.

“Russia is serving as a real safe haven for cybercrime, and ransomware is a major problem we’re dealing with today,” the official said.

Ransomware attacks, where cybercriminals seize control of a target’s system and demand a ransom, are among the most common types of cyberattacks and have affected various industries in recent years.

“The criminal justice system will not be able to solve this problem – we need to look at other elements of national power,” the official added. “So we are hopeful that Russia understands the consequences of malicious activity in cyberspace and will exercise restraint.”

The strategy calls for alliances with foreign partners “to pressure Russia and other malign actors to change their behavior,” said a second U.S. official, who declined to be named.

“I think we have seen some success over the last year in sustaining these alliances,” the official added.

Among other things, the strategy calls for improving standards for patching vulnerabilities in computer systems and implementing an executive order that would require cloud companies to verify the identities of foreign customers.

(Reporting by Suzanne Smalley and Zeba Siddiqui; Editing by Leslie Adler)