The Biden national cyber strategy is unlike any before it

Below: The social security numbers of nearly 2,000 high-profile visitors to the Trump White House were exposed on a government website. First:

For the first time, regulation is on the menu of a national cybersecurity strategy

The Biden administration is nearing publication of a national cybersecurity blueprint that for the first time embraces a major role for regulation.

The strategy, which is a sea change from past blueprints, will arrive in the aftermath of a series of major cyberattacks — such as the 2021 Colonial Pipeline ransomware attack, which sparked a fuel panic on the East Coast — that prompted the administration to rethink voluntary measures.

In response, the Biden administration has issued or is in the process of issuing a number of cybersecurity regulations using preexisting executive branch powers, such as requirements for key pipeline operators to develop detailed plans for responding to cybersecurity incidents. Congress, too, passed legislation requiring critical infrastructure owners and operators to disclose to the federal government within 72 hours when they suffer a major cyberattack.

The forthcoming strategy, led by National Cyber Director Chris Inglis’s office in the White House, builds on that approach, according to senior administration officials who spoke on the condition of anonymity because the document is not yet public.

• President Biden is expected to sign the document, which is moving through the final stages of interagency approval involving more than 20 departments and agencies, in the coming weeks.
• My colleague Ellen Nakashima and I wrote a preview Thursday evening of the forthcoming strategy, and I’m sharing some other details and insights here.

“The thrust of it is to say both the administration will continue to use existing authorities where we have those, as well as work with Congress to fill in gaps in regulation,”…