Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Index for cybersecurity. Show all posts

Absolute's 2023 Resilience Index: America's Cybersecurity

Recently, the White House has come up with a new national cybersecurity strategy called ‘Absolute's 2023 Resilience Index’, it will hold software companies responsible for products’ security. The document unveiled by the government includes regulations for vulnerable critical infrastructure firms and software liability for exploitable vulnerabilities. 

Following this, the administration said that it is collaborating with Congress to create a new law that can combat cybersecurity matters effectively. This index has been proposed after hacking incidents that threatened major public services during the first year of the Biden administration. 

In addition to this, the federal government is also planning to use its regulatory and purchasing power to encourage software manufacturing companies that are crucial to the economy and national security to improve their cybersecurity measures. 

Jen Easterly, director of CISA, has urged technology companies to take responsibility for the cybersecurity of their products, which are crucial to society. Further, she questioned why the blame for security breaches falls on companies for not patching vulnerabilities, rather than on the manufacturers who created the technology requiring multiple patches. 

“We often blame a company today that has a security breach because they didn’t patch a known vulnerability. What about the manufacturer that produced the technology that required too many patches in the first place?” Easterly added. 

The administration is considering ways to make the tech sector accountable for the digital safety of critical US industries, with a forthcoming cybersecurity strategy expected to demand increased security investments from industries supporting sectors like energy, water, and healthcare. 

In recent years, the White House has already released important guidelines for improving cybersecurity, such as the Executive Order on Improving the Nation’s Cybersecurity, which was issued in May 2021 and mandated zero trust as a best practice for modern cybersecurity programs across sectors. Additionally, in a memo issued in January 2022, the U.S. Office of Management and Budget identified zero trust as a critical element of a modern cybersecurity strategy. 

However, the main obstacles to achieving cybersecurity success today are the same as they were 12 months ago. Bad actors are continuously evolving, developing new variants and methods. Consequently, a narrowly scoped or static approach to cybersecurity is unlikely to be effective in protecting critical infrastructure.