* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, July 4, 2026
Earth-News
  • Home
  • Business
  • Entertainment

    Comic-Con Shocker: Beloved Annual Party Canceled in Surprise Move

    Miley Cyrus Stuns with Jaw-Dropping Barbie Doll Transformation!

    What Will Be Celebrated as an American Classic 250 Years from Now?

    How Investors Might Respond to PENN Entertainment’s Aurora Casino Launch and the Russell 2000 Shake-Up

    Discover La Jolla’s Unmissable Entertainment and Experiences: Your Ultimate Guide

    Seaport Entertainment GC Steps Into New Role as Strategic CEO Adviser

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology

    Aviation Technology Launches Exciting New Interiors Division

    China-linked actors target more than technology as AI competition with U.S. intensifies – CNBC

    Is tech ruining the World Cup? – BBC

    Arch Appoints Chief Technology Officer – Family Wealth Report

    CrowdStrike Named Frost & Sullivan’s 2026 Global Enabling Technology Leader in Zero Trust Browser Security – Yahoo Finance

    Revolutionary AI Tool Set to Transform RNA Mapping, Challenging AlphaFold 3

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment

    Comic-Con Shocker: Beloved Annual Party Canceled in Surprise Move

    Miley Cyrus Stuns with Jaw-Dropping Barbie Doll Transformation!

    What Will Be Celebrated as an American Classic 250 Years from Now?

    How Investors Might Respond to PENN Entertainment’s Aurora Casino Launch and the Russell 2000 Shake-Up

    Discover La Jolla’s Unmissable Entertainment and Experiences: Your Ultimate Guide

    Seaport Entertainment GC Steps Into New Role as Strategic CEO Adviser

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology

    Aviation Technology Launches Exciting New Interiors Division

    China-linked actors target more than technology as AI competition with U.S. intensifies – CNBC

    Is tech ruining the World Cup? – BBC

    Arch Appoints Chief Technology Officer – Family Wealth Report

    CrowdStrike Named Frost & Sullivan’s 2026 Global Enabling Technology Leader in Zero Trust Browser Security – Yahoo Finance

    Revolutionary AI Tool Set to Transform RNA Mapping, Challenging AlphaFold 3

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

CISA’s security-by-design initiative is at risk: Here’s a path forward

July 29, 2023
in Technology
CISA’s security-by-design initiative is at risk: Here’s a path forward
Share on FacebookShare on Twitter

Trey Herr is the director of the Atlantic Council’s Cyber Statecraft Initiative.

Maia Hamin is an associate director with the Cyber Statecraft Initiative.

Will Loomis is an associate director with the Cyber Statecraft Initiative.

Stewart Scott
Contributor

Stewart Scott is an associate director with the Cyber Statecraft Initiative.

The Biden administration’s 2023 National Cybersecurity Strategy identified structural shortcomings in the state of cybersecurity, calling out the failure of market forces to adequately distribute responsibility for the security of data and digital systems. Most prominently, the strategy seeks to “rebalance responsibility [for security] to those best positioned.”

Shortly after the strategy’s launch in March of this year, the Cybersecurity and Infrastructure Security Agency (CISA) kicked off an effort to “shift the balance of cybersecurity risk” by pushing firms to adopt security-by-design (SbD) practices, improving the safety and security of their products at the design phase and throughout their life cycle.

CISA director Jen Easterly’s announcement of these efforts appears to put CISA at the forefront of this rebalancing, addressing technology vendors’ incentives to underinvest in security through changes in how those firms design and deploy the products they sell. As the first substantive proposal from President Biden’s administration to effectuate this rebalancing since the launch of the strategy, the success or failure of the SbD initiative could be a bellwether for one of the strategy’s two fundamental ideas.

Success with SbD is at risk, however, both from the political challenges of implementing SbD practices and the threat of unrealistic expectations. This piece addresses both and highlights a path forward.

Political and structural headwinds

The politics of SbD implementation — which implicitly require a capacity to compel change in vendor practices, as well as the insight to design them — are treacherous ground for CISA, as the fast-growing agency is not a regulator. In time, it might become one, but current and past leadership insist that such responsibilities would be at odds with agency culture and its operational responsibilities.

The agency’s ability to support, build capacity, train, coordinate, and plan together with state, local, tribal and territorial entities, and industry stakeholders is rooted in its disposition as a trusted partner and neutral convener.

This means CISA should be only one of several federal agencies working to implement SbD, with cooperation from regulators like the Federal Trade Commission (FTC), a sharp and pointy complement to CISA’s open-handed approach. Otherwise, the SbD initiative could place CISA in a bind, trying to fix entrenched market incentive problems but without the ability to compel companies to act differently. CISA efforts to create accountability might undermine its attempts to generate goodwill.

Developing and defining a set of SbD practices that vendors can attest to, and that the U.S. government and other parties can verify or enforce, is a tremendous undertaking in and of itself. CISA must build SbD practices alongside an architecture for enforcement that sets clear roles for entities like the FTC, the Department of Defense, the Securities and Exchange Commission, and the General Services Administration.

The White House has responsibility here, too, and specifically the Office of the National Cyber Director, to guide this multi-agency effort within a strategy to manage the industry politics of shifting the incentives in this market — precisely what the office was designed, staffed, and organized to do. CISA’s focus must remain on enumerating and updating the essential SbD practices.

Just one piece of the puzzle

As we have argued before, “no strategy can address all sources of risk at once, but . . . silver bullets often trade rhetorical clarity for crippling internal compromises.” The SbD program could achieve deep, meaningful changes in how some of the largest technology vendors build services and products. Those changes would have material benefits for the security of every technology user.

However, cajoling all firms toward a comprehensive and uniform set of best practices is a fundamentally incompletable task.

Malicious actors perpetually seek new means of exploit; different sectors and system classes face different and unique challenges; and new technologies are prone to modes of failure, both new and unforeseen. Adopting certain new processes, rigorously enforcing them, and fixing existing incentives would still be a much-needed improvement over the current status quo.

However, adopting memory-safe languages or pushing large actors toward better risk management would not necessarily have prevented many significant vulnerabilities in recent memory, such as Log4Shell. To succeed, CISA will also need to understand how large technology companies build products and services — current industry practice is far from complete or perfect, but it is the baseline from which SbD hopes to drive change. Understanding that baseline is critical.

There is danger when rhetoric around shifting responsibility in cyberspace suggests that cybersecurity problems and challenges exist only because technology vendors cut corners or that all cybersecurity risk can be avoided by following a simple set of straightforward practices. The increasingly interconnected, dependent nature of software systems, as well as the variety of organizations and systems they connect to, creates risks all its own.

SbD is an important piece of managing this — the status quo of responsibility deferred to the user is broken — but describing SbD as a panacea risks creating backlash when insecurity inevitably persists.

It is clear CISA recognizes that success in SbD could be one of the most impactful policy interventions in cybersecurity in the last decade. It is also clear that the program, even in its most successful incarnation, will leave some problems unsolved. Specificity about the scope and goals of the program will help prevent its inevitable critics from distorting the debate into all-or-nothing terms.

Risk and opportunity

SbD — the first policy manifestation of the National Cybersecurity Strategy’s effort to shift responsibility — will not come about by sheer goodwill alone. CISA is not a regulator, and it must define a path for federal agencies that are regulators so that the implementation of SbD leverages the broader standards setting, enforcement, and regulatory powers of the federal government.

Shying away from direct government enforcement of these security practices risks consigning the effort to history, alongside many other “voluntary” and “industry-led” programs.

The growing and talented team at CISA have 18 months until January 2025, which will bring either the paralyzing tumult of transition or the still-chaotic maturation of a first-term administration into a second. The largest vendors that would participate in this program are not going anywhere and can afford to wait.

In this sense, CISA and the wider U.S. government’s cyber policy apparatus is on the clock. CISA must focus on the essential elements of SbD and organize, build, and engage with a clear deadline in mind. The clock is ticking.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : TechCrunch – https://techcrunch.com/2023/07/29/cisas-security-by-design-initiative-is-at-risk-heres-a-path-forward/

Tags: CISA’ssecurity-by-designtechnology
Previous Post

If it hadn’t been for them meddlin’ kids

Next Post

Deal Dive: Cutting through the noise in a category clouded by catastrophic failure

Transforming Landscapes: Inside the Innovative Work of SLC’s Restoration Ecology Team

July 4, 2026

Aviation Technology Launches Exciting New Interiors Division

July 4, 2026

Marlins Power Up with Crushing Home Runs to Take Commanding Series Opener Against Athletics

July 4, 2026

Nobel Laureates Call for Science to Remain Democratic and Inclusive

July 4, 2026

Could We Be Missing Vital Signs of Extraterrestrial Life?

July 4, 2026

Are You Captivated by the ‘Tradwife’ Lifestyle? Tell Us What Draws You In!

July 4, 2026

Lionel Messi Tops the World Cup Goal Charts, with Kylian Mbappé Closing In Fast

July 4, 2026

Merz Unveils Ambitious Plan to Transform Germany with Tax Cuts, Pension Overhaul, and Fresh Sick Leave Policies

July 4, 2026

One Year After Funding Cuts, Mississippi’s Vietnamese Health Navigators Face an Uncertain Future

July 4, 2026

Comic-Con Shocker: Beloved Annual Party Canceled in Surprise Move

July 4, 2026

Categories

Archives

July 2026
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Jun    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (1,299)
  • Economy (1,318)
  • Entertainment (22,197)
  • General (22,455)
  • Health (10,355)
  • Lifestyle (1,332)
  • News (22,149)
  • People (1,323)
  • Politics (1,340)
  • Science (16,533)
  • Sports (21,818)
  • Technology (16,305)
  • World (1,312)

Recent News

Transforming Landscapes: Inside the Innovative Work of SLC’s Restoration Ecology Team

July 4, 2026

Aviation Technology Launches Exciting New Interiors Division

July 4, 2026
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version