Governance & Risk Management , Video
Cyber Accountability: US Strategy Puts Onus on Big Tech
Alex O'Neill and Lachlan Price Discuss Key Policies of US Cybersecurity StrategyThe U.S. government wants large corporations to be more accountable for cybersecurity. A key theme in the White House 2023 cybersecurity strategy is shifting responsibility and legal liability onto software publishers rather than keeping the onus on individuals to maintain a secure posture, said Alex O'Neill, national security researcher at Harvard's Belfer Center.
See Also: Expel: Firms Still Threatened by Old Vulnerabilities
"We've seen companies like Microsoft and Google getting on board with the idea that it's on them to ensure a high level of security," O'Neill said. Further incentives, such as tax benefits and workforce development initiatives, will strengthen this model, he said.
The global implications of this shift would be significant, said Lachlan Price, a student at the Harvard Kennedy School and MIT Sloan School of Management. Most major tech providers are based in the United States. "Countries that are not places where those companies are headquartered must pursue partnership strategies with the U.S. in order to affect those changes in their own jurisdictions," he said.
In this video interview with Information Security Media Group at Black Hat 2024, O'Neill and Price also discussed:
- How global governments are encouraging private sector cybersecurity investments;
- The role of local U.S. infrastructure in national cybersecurity efforts;
- How a decentralized cybersecurity strategy affects critical infrastructure protection in the U.S.
O'Neill coordinates the Korea Project at the Belfer Center, managing events and initiatives including the annual Harvard Korean Security Summit. His research focuses on North Korean financially motivated cyber operations, as well as links between North Korean- and Russian-speaking criminals.
Price specializes in enterprise strategy, operations and the application of cutting-edge technologies in national security, including AI, autonomous systems, cybersecurity, quantum computing and biotechnology. Previously, he worked as a consultant at McKinsey & Co., focusing on digital strategy and product development projects in the public sector.