Friday, March 3, 2023

Short Takes – 3-3-23 – Cybersecurity Strategy Issues

National Cybersecurity Strategy – 2023. WhiteHouse.gov publication.

Highlights from the New U.S. Cybersecurity Strategy. KrebsOnSecurity.com article. Pull quote: ““Market forces are leading to a race to the bottom in certain industries, while contract law allows software vendors of all kinds to shield themselves from liability,” Fox said. “Regulations for other industries went through a similar transformation, and we saw a positive result — there’s now an expectation of appropriate due care, and accountability for those who fail to comply. Establishing the concept of safe harbors allows the industry to mature incrementally, leveling up security best practices in order to retain a liability shield, versus calling for sweeping reform and unrealistic outcomes as previous regulatory attempts have.””

National cyber strategy faces major implementation challenges, experts say. FCW.com article. Pull quote: ““I’ll say about implementation, Congress gave us the authority to be able to lead this coordinated interagency implementation, but we have a lot of work to do, especially when we talk about regulatory harmonization, when we talk about shifting liability, these are multi-year efforts,” she said. “We are going to find gaps and Congress will need to lean in to help us get where we need to go. It’s a symphony, not a single movement. This is an ongoing process.””

Biden administration unveils long-awaited national cyber strategy. TheHill.com article. Pull quote: ““We’re elevating our work on ransomware declaring it a threat to national security rather than just a criminal challenge,” said Anne Neuberger, White House deputy national security adviser for cyber and emerging technology, during the call.”

Three Quick Takeaways from Biden’s National Cybersecurity Strategy. Blog.Adolus.com post. Short post, good insights. Pull quote: “Now for the moment, this applies only to federal systems, but — as has become blindingly obvious — any rules laid out for federal agencies will apply to the public sector in short order. What's this going to mean for all the legacy equipment out there in industrial environments cheerfully communicating over Modbus?” (repeat from yesterday) 
