President Biden is about to approve a policy that goes much farther than any previous effort to protect private companies from malicious hackers—and to retaliate against those hackers with our own cyberattacks.
The 35-page document, titled “National Cybersecurity Strategy,” differs from the dozen or so similar papers signed by presidents over the past quarter century in two significant ways: First, it imposes mandatory regulations on a wide swath of American industries. Second, it authorizes U.S. defense, intelligence, and law-enforcement agencies to go on the offensive, hacking into the computer networks of criminals and foreign governments, in retaliation to—or preempting—their attacks on American networks.
“Our goal is to make malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States,” the document states in a five-page section titled “Disrupt and Dismantle Threat Activities,” according to a draft exclusively viewed by Slate. (The document has not yet been publicly released, though it will be after Biden signs it, an event anticipated sometime this month.)