Jul 14 – In Washington D.C., White House officials have published implementation plans pertaining to a new National Cybersecurity Strategy, which aims to strengthen the software supply chain and to advance public-private partnerships.
Increasing the resilience of the market overall is a key focus. Efforts are underway to establish a long-term software liability framework and to reduce gaps in software bills of materials (SBOMs), ensuring that unsupported software is not used to build critical infrastructure elements.
The Cybersecurity and Infrastructure Security Agency (CISA) is due to work with the private sector, non-profits, the open-source community and academia to develop and implement secure-by-design software and hardware.
The corresponding White House fact sheet states that the plan ensures that America’s largest, most capable and best-positioned entities – in both the public and private sectors – assume a greater share of the burden for mitigating cyber risk.
Additional requirements have been outlined for private sector firms, in order to improve the speed and cohesiveness of reporting following cyber incidents.
Catastrophic incident support
The concept of a Federal Cyber Insurance Backstop, which would enable the U.S. government to provide assistance and support in the event of a catastrophic incident, is also under consideration. This could, however, lead to an uncertain cyber insurance market.
To build a more resilient future, the government is expected to invest heavily in research into and development of memory-safe programming languages and quantum-resistant cryptographic algorithms. In the near future, the latter will be critical in protecting encryption.
Plans are structured around five central tenets. These include: defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces and driving security and resilience, investing in a resilient future, and forging international partnerships to pursue shared goals.
All in all, more than 65 initiatives for improving the federal, public and private cyber security landscape are or will be underway.
The White House indicated that the new strategic plan will exist as a “living document,” which will be updated annually in accordance with technological advancements, evolving needs and ambitions for U.S. defense.
Experts say that the new strategy assigns time-bound goals and initiatives to appropriate government agencies. It also provides direction around how to achieve the strategy’s clear objectives. As noted previously, the plan primarily focuses on building resilience both now and into the future.