The White House this week released a new National Cybersecurity Strategy aimed at better protecting people, businesses and the government from cyberattacks. One key piece of its approach is to put more responsibility on tech and software companies for making sure their products are secure.

Cybersecurity is increasingly critical to national security and the economy.

“Ten years ago, when the Obama administration would put out a cybersecurity thing, nobody cared,” said Chris Bronk at the University of Houston. “Now, it’s like front-page news.”

Bronk said that’s because everything is connected now. 

“Suddenly, the stakes are a lot higher,” he said. “I mean, it’s one thing for your computer to fail and eat your thesis, it’s another problem if your computer fails and crashes your car.”

Or if a hospital’s computer system crashes. Or the power grid goes down.

“We cannot just rely on consumer behavior for people to keep themselves safe and secure,” said Clar Rosso, CEO of (ISC)², an association of cybersecurity professionals. “We have to also be able to rely on the developers of technology to prioritize security.”

Until now, the government has largely been relying on companies to do that voluntarily.

“Certain companies are extremely responsible, others are not,” said Susan Landau, professor in Cyber Security and Policy at The Fletcher School at Tufts University. She said it makes sense that the administration wants to require companies to take more responsibility. 

“The problem is that this doesn’t have concrete steps to do it, it has to be followed up by legislation,” Landau said. But, she said, that may be tough to get through Congress.

Correction (March 3, 2023): A previous version of this story misspelled Susan Landau’s name.