cybersecurity, and the National Cybersecurity Strategy is a great step in the right direction. We are particularly encouraged to see the focus on offensive capabilities, but we must remember that defending our critical infrastructure and digital infrastructure requires a comprehensive approach. This strategy outlines the need for increased investment in technologies that can detect, prevent, and respond to threats, but these investments will only be effective if the government and private sector are working together to ensure the entire ecosystem is secure. It is not enough to invest in the latest technologies; organizations must ensure that their staff are trained and equipped to understand, deploy, and manage these technologies. It is also critical that organizations collaborate with each other to share intelligence, best practices, and lessons learned to ensure that our digital infrastructure is defended against the ever-evolving threat landscape.”
The White House has released its National Cybersecurity Strategy, seeking to shift the burden for managing cyber risk from individuals and small businesses to tech companies, while taking a more offensive approach to dealing with threat actors. The strategy focuses on five pillars: defending critical infrastructure, disrupting and dismantling threat groups, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships to pursue shared goals. Industry professionals have commented on various aspects of the new cybersecurity strategy, its impact, and implications.
Brandon Valeriano, distinguished senior fellow at the Marine Corp. University and former senior adviser to the federal government’s Cyberspace Solarium Commission, commented on the strategy, saying, “There’s a lot to like here. It just lacks a lot of specifics. They produce a document that speaks very much to regulation at a time when the United States is very much against regulation.” Ilia Kolochenko, founder and CEO of ImmuniWeb, discussed potential implications of the strategy, arguing that shifting the cybersecurity burden to software developers and tech solution providers is economically sound. Szilveszter Szebeni, CISO at Tresorit, also weighed in, stating that while software vendors are exempt from most of the regulation in other industries, software and SaaS solutions should be no exception.
Moty Kanias, VP cyber strategy and alliances at NanoLock, applauded the White House’s efforts to fight cybercrime and create new cyber security solutions. He discussed the importance of protecting critical infrastructure and production lines at the industrial device level, and cited Singapore as an example of a nation deepening its regulations for critical infrastructure. David Lindner, CISO at Contrast Security, also commented on the Executive Order, Operational Directive 22-01, and Operational Directive 22-18, stating the need for understanding, exposing, and fixing the security issues in our software.
Cody Cornell, co-founder and chief strategy officer of Swimlane, focused on the need for sector-specific regulatory frameworks, noting the importance of enforcement in order to drive change. Debbie Gordon, founder and CEO of Cloud Range, also commented on the strategy, applauding the goal of modernizing the federal government’s cybersecurity strategy, but expressing concern over the need for ongoing training and readiness. Finally, Jacob Berry, field CISO at Clumio, praised the National Cybersecurity Strategy, noting the need for increased investment in technologies and staff training, as well as the importance of collaboration to share intelligence and best practices.
Overall, the National Cybersecurity Strategy has received a positive response from industry professionals, who have commented on various aspects of the new strategy, its impact, and implications. The strategy seeks to shift the burden of managing cyber risk, while taking a more offensive approach to dealing with threat actors. It also calls for increased investment in technologies and staff training, as well as collaboration and enforcement of sector-specific regulatory frameworks. The strategy’s success will depend on the government and private sector working together to ensure the entire ecosystem is secure.