
What Security Pros Are Saying About Biden’s National Cyber Strategy  

While some cybersecurity practitioners heaped early praise on the Biden administration’s recently unveiled national cybersecurity strategy, they generally noted that the devil will be in the details.

As CNBC reports, the strategy aims to shift the cybersecurity burden from individuals, small businesses and local governments to software makers and others with the resources to handle it.

The White House said that it will work with Congress and the private sector to develop legislation that would hold companies liable if they fail to make “reasonable” attempts to secure their products. The administration said in its draft report that any such bill should also include “an adaptable safe harbor framework” that companies could follow to demonstrate that their security practices are thorough enough to avoid liability.

Brian Fox, CTO and founder of software supply chain security firm Sonatype, told Krebs on Security that the liability effort could be a watershed for the cybersecurity sector. He said that similar regulatory changes in other industries led to “a positive result” of due care and accountability. He added that the safe harbor idea could help the industry transform gradually, in contrast, in Fox’s view, to the unrealistically ambitious regulatory initiatives that have come before.

Karen Walsh, cybersecurity compliance expert at cybersecurity marketer Allegro Solutions, told Dark Reading that the strategy might lead companies to associate security with carrots, not sticks. Walsh likened the proposal to clean-energy incentives already on offer by the government. Shawn Tuma, a partner at law firm Spencer Fane who focuses on cybersecurity, told Wired that the liability discussion will hinge on what the definition of “reasonable” is.

Edward Amoroso, CEO of cybersecurity firm TAG Cyber, told the Associated Press that while major data breaches have certainly been continuing of late, the proposal for liability and other thorny recommendations will probably face opposition from Republican lawmakers and private industry.

Marty Edwards, vice president of operational technology security at Tenable and former director of ICS-CERT, speaking with CyberScoop, echoed the White House’s call for harmonizing cybersecurity regulations but also noted the likelihood of resistance.

As The New York Times notes, the strategy is a policy document, without the force of an executive order. Every president since George W. Bush has released some type of cybersecurity strategy.
