Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » White House cybersecurity strategy stresses software safety

White House cybersecurity strategy stresses software safety

White House cybersecurity strategy stresses software safety

WASHINGTON – An ambitious and wide-ranging White House cybersecurity plan released Thursday calls for bolstering protections on critical sectors and making software companies legally liable when their products don’t meet basic standards. The strategy document promises to use “all instruments of national power” to pre-empt cyberattacks.

The Democratic administration also said it would work to “impose robust and clear limits” on private sector data collection, including of geolocation and health information.

“We still have a long way to go before every American feels confident that cyberspace is safe for them,” acting national cyber director Kemba Walden said during an online forum on Thursday. “We expect school districts to go toe-to-toe with transnational criminal organizations largely by themselves. This isn’t just unfair. It’s ineffective.”

The strategy largely codifies work already underway during the last two years following a spate of high-profile ransomware attacks on critical infrastructure. A 2021 attack on a major fuel pipeline caused panic at the pump, resulting in an East Coast fuel shortage, and other damaging attacks made cybersecurity a national priority. Russia’s invasion of Ukraine compounded those concerns.

The 35-page document lays the groundwork for better countering rising threats to government agencies, private industry, schools, hospitals and other vital infrastructure that are routinely breached. In the past few weeks, the FBI, U.S. Marshals Service and Dish Network were among the intrusion victims.

“The defense is hardly winning. Every few weeks someone gets hacked terribly,” said Edward Amoroso, CEO of the cybersecurity firm TAG Cyber.

He called the White House strategy largely aspirational. Its boldest initiatives – including stricter rules on breach reporting and software liability – are apt to meet resistance from business and Republicans in Congress.

Brandon Valeriano, former senior adviser to the federal government’s Cyberspace Solarium Commission, agreed.

“There’s a lot to like here. It just lacks a lot of specifics,” said Valeriano, a distinguished senior fellow at the Marine Corp. University. “They produce a document that speaks very much to regulation at a time when the United States is very much against regulation.”

The strategy’s data-collection component is also expected to meet stiff headwinds in Congress, though opinion polls say most Americans favor federal data privacy legislation.

In a new report, the tech data firm Forrester Research said state-sponsored cyberattacks rose nearly 100% between 2019 and 2022 and their nature changed, with a greater percentage now carried out for data destruction and financial theft. The threats are mostly from abroad: Russia-based cybercrooks and state-backed hackers from Russia, China, North Korea and Iran.

President Joe Biden’s administration has already imposed cybersecurity regulations on certain critical industry sectors, such as electric utilities, gas pipelines and nuclear facilities. The strategy calls for expanding them to other vital sectors.

In a statement accompanying the document, Biden says his administration is taking on the “systemic challenge that too much of the responsibility for cybersecurity has fallen on individual users and small organizations.” That will mean shifting legal liability onto software makers, holding companies rather than end users accountable.

As a nation, “we tend to devolve responsibility for cybersecurity downward. We ask individuals, small businesses and local governments to shoulder a significant burden for defending us all,” Walden said.

The White House wants to put greater responsibility on the software companies.

“Too many vendors ignore best practices for secure development, ship products with insecure default configurations or known vulnerabilities, and integrate third-party software of unvetted or unknown provenance,” the document says. That must change, it adds, stating that the White House will work with Congress and the private sector on legislation to establish liability.

The director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, drew an analogy in a speech Monday at Carnegie Mellon University to the automotive industry before consumer advocates led by Ralph Nader forced safety reforms, including seat belts and air bags: “The burden of safety should never fall solely upon the customer. Technology manufacturers must take ownership of the security outcomes for their customers.”

But Amoroso, the cybersecurity executive, called that comparison misguided because software is a different animal, inherently complex with hackers constantly finding ways to break it. The liability initiative is apt to get tied up in the courts as industry resists, he said. “If you are a cybersecurity lawyer this is manna from heaven.”

Amoroso preferred positive aspects of the strategy such as securing clean-energy technologies and bolstering the cybersecurity work force, currently short 700,000 workers nationally.

The document also calls for more aggressive efforts to pre-empt cyberattacks by drawing on military, law enforcement and diplomatic tools as well as help from the private sector. Such offensive operations, it says, must take place with “greater speed, scale, and frequency.”

Disruption of hostile cyberactivity through “defending forward” is already happening.

The FBI and U.S. Cyber Command now routinely engage cybercriminals and state-backed hackers in cyberspace, working with foreign partners to thwart ransomware operations and election interference in 2018 and 2020. The government has already deemed ransomware a national security threat and the document says it will continue to use methods such as “hacking the hackers” to combat it.

___

Bajak reported from Boston. AP reporter Rebecca Santana contributed.

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket