Cybersecurity strategy generally earns positive feedback, says Walden
Acting National Cyber Director Kemba Walden recently spoke at a forum hosted by The Software Alliance, where she discussed the current state of the national cybersecurity strategy and areas of disagreement.
Walden emphasized the importance of a united message and strategy from all agencies for a more cohesive national cybersecurity posture. She highlighted that the FBI, National Security Agency, and the Cybersecurity and Infrastructure Security Agency each play key roles from an operational perspective in national cybersecurity.
The national cybersecurity strategy focuses on individual technology users, small businesses, local governments, and small infrastructure providers like schools and hospitals, as they currently bear the brunt of the national cybersecurity risk. Walden identified these entities as crucial areas to address in the strategy.
Walden also acknowledged that private industry can detect ransomware attacks earlier than the national weather service. She pointed out that much of the dialogue has centered around creating a safe harbor mechanism to provide additional protections. This mechanism is expected to be a multi-stakeholder, multiyear process.
The private sector owns and controls most of the critical infrastructure in the U.S., according to Walden. She stated that the administration considers private industry as a frontline to counter malicious national cyber activity. Walden expressed the need for the administration to engage with the private sector for input on national cybersecurity policy and information sharing.
In terms of policy, Walden identified two major areas of common ground: the need to shift the national cybersecurity risk away from these entities, and the need for the U.S. to work together to defend systems from malicious actors. She emphasized the need to build a more resilient digital ecosystem, able to withstand malicious activity regardless of the source of the threat.
Walden's office aims to drive cohesion among federal agencies with a common goal of driving national cybersecurity policy. This includes over 40 U.S. agencies, including sector risk management agencies dealing with critical infrastructure priorities. The White House contains various bodies responsible for national cybersecurity, including the National Security Council, the National Economic Council, and the Office of Science and Technology Policy.
There are concerns about the potential legal liability facing developers and others for products that fail to meet security standards. Walden stated that private industry has been working closely with the national weather service on issues like shifting software liability.
The administration's goal is to drive cohesion among federal agencies in driving national cybersecurity policy. This includes private industry organizations involved in developing national cybersecurity policies and information sharing in the United States. These organizations include industry-led Information Sharing and Analysis Centers (ISACs) for various sectors, private national weather service firms providing advisory and compliance services, and public-private partnerships such as the Cybersecurity Information Sharing Act (CISA) framework. However, a detailed list from the provided search results does not specifically name these organizations.
In conclusion, Walden's address at The Software Alliance forum provided insights into the current state of the national cybersecurity strategy and areas of disagreement. She emphasized the importance of a united approach among all agencies, the need for private industry involvement, and the goal of building a more resilient digital ecosystem. The process of addressing software liability and national cybersecurity is expected to be a multi-stakeholder, multiyear process.
