WASHINGTON — The White House announced a new strategy Wednesday to strengthen cybersecurity across the federal government after a string of high-profile attacks against U.S. agencies and private companies in the last two years.
The U.S. will adopt a "zero trust" approach, meaning the federal government will assume that no actor, system, network or service operating outside or within the security system is trusted, according to a memo from the acting director of the Office of Management and Budget, Shalanda Young.
The White House said in a statement that the "growing threat of sophisticated cyber attacks has underscored that the Federal Government can no longer depend on conventional perimeter-based defenses to protect critical systems and data."
The Log4j vulnerability, a bug in a widely used piece of computer code that was discovered last year, was the "latest evidence that adversaries will continue to find new opportunities to get their foot in the door," the White House said.
The new strategy requires federal officials to use several layers of security when they sign on to agency networks, and it requires agencies to boost internal network protection through various methods, such as inviting independent experts to assess levels of security.
Agencies were given until the end of fiscal year 2024 to meet the goals.
President Joe Biden signed an executive order in May that required IT service providers to share certain information about cyber breaches with the government. The order modernized and implemented stronger cybersecurity standards, established standards for software sold to the government and created an "energy star" label so consumers understand whether software was developed securely.
The Biden administration emphasized the importance of upgrading the government's cybersecurity after the 2020 SolarWinds cyberattack — a widespread breach that tore into U.S. government agencies and dozens of corporations — as well as attacks last year by Chinese hackers who broke into federal networks.
The White House has also urged private companies to boost their defenses. There were number of high-profile cyberattacks against private organizations last year, including attacks against the world's largest beef supplier and a major fuel supplier, which slowed critical U.S. supply chains.