wonderfully unique software solutions

Responsibility shifts towards vendors with US National Cybersecurity Strategy

The US government has called for aggressive regulation as part of its National Cybersecurity Strategy for 2023, ITops company Automox has warned.

Jason Kitka and Peter Pflaster, writing for Automox, noted that this is the first new such plan in five years.

“The goal is to establish a safe digital environment in the US and position the internet as a shield to protect and secure the nation’s people, their freedoms, information, and the economy,” they wrote in a blog post.

According to the Automox writers, vendors must step up to the plate.

The US administration is making vendors more accountable for vulnerabilities and push them towards greater security developments alongside a “big shift” towards attack prevention – rather than compliance and controls or versus nation-state actors.

“This is indeed a new direction,” they said.

Threats have become complex and more dangerous, which means better solutions are needed.

The Automox blog prescribed co-ordinated efforts among “innovators” and more reliable resources, backed by government where needed.

More targeted regulation could however help secure higher-risk institutions such as banks, hospitals, schools, and utilities, with a focus on defence and resilience aligned with values, with “certain products and platforms” built with protective features from their conception.

This might shift some responsibility for good practice from buyers to vendors, Pflaster and Kitka wrote.

The strategy is intended to increase private sector investment in security, collaboration, resilience, and research and development.

“The Office of the National Cyber Director (ONCD) and the Office of Management and Budget (OMB) will issue annual guidance on cybersecurity budget priorities to guide this investment,” the blog noted, based on the US government announcement.

IT and security teams are likely to be interested in Strategic Objective 3.3: Shift Liability for Insecure Software Products and Services.

“The strategy asserts that markets pose inadequate costs to entities that introduce vulnerable products, and we agree.

“Too often products and their hardware and software are released without adhering to security best practices which result in increased stress on organisations and their IT and security teams to pick up the pieces.”

For now, patching as quickly as possible for the mountain of vulnerabilities remains critical, and remediating critical vulnerabilities takes too long – 60 days on average, Automox’s Pflaster and Kitka pointed out.

( Photo by Caleb Perez on Unsplash )

Recent Articles

Agreement management vendor DocuSign to add AI with Lexion buy

Cloud documentation management software company DocuSign has agreed to acquire Lexion, rolling the latter's AI capabilities into its DocuSign Intelligent Agreement Management...

LastPass urges SMBs to tackle human cyber vulnerabilities

SMBs are more proactive yet still aren't patching cybersecurity gaps caused by the "human factor" -- that is, based on human psychology...

Four core GFI business manager applications add AI co-pilot

GFI Software has integrated AI co-pilot capabilities into four of its key business-focused applications with a view to optimised network performance and...

Extended detection and response (XDR) has become vital, says Stormshield

Extended detection and response technologies (XDR) have become a vitally important shield for all companies, according to sovereignty focused data, network and...

Is OSCP or CEH the best security certification for staff? CBT Nuggets explains

Deciding between Offensive Security Certified Professional (OSCP) and Certified Ethical Hacker (CEH) cybersecurity skills certifications can be "make or break" for staff,...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox