On Thursday, the White House released the National Cybersecurity Strategy, which highlights several key areas and focuses on increasing transparency and accountability, while improving information sharing and collaboration. Our team weighed in to provide additional commentary around the release:
Building Security from the Ground Up: The Responsibility of Cybersecurity Companies
Andrew Hoyen, President and COO - IGI
The National Cybersecurity Strategy puts the onus on the user/customer/business to be diligent and vigilant about their cyber awareness and hygiene. However, it also puts pressure on companies, like IGI, to produce products, solutions, and services that not only help people navigate these waters more effectively, but forces these companies to create secure solutions that are themselves secure. Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), stated that the industry can no longer blame and shame customers who are victims of sophisticated attacks. Simply, we, as an OEM, need to make sure we have built the right security into our software and SaaS solutions.
The industry as a whole has normalized the fact that technology products are released to market with defects and no one is being held accountable. Our customers tend to believe their security partner that the products and solutions they bring into their environment are secure, but no one is validating that. For example, in a manufacturing environment, defects are unacceptable, and companies use various methods around continuous improvement to not only address their finished products, but also their supply chain. The same should be true for the cybersecurity product and software industry; poor controls and construction would be unacceptable in any critical field and cybersecurity is no different.
The big question remains: Is this strictly a government responsibility to advance legislation to prevent technology companies from disclaiming liability by establishing higher standards of care? Or should the industry come together and find ways of holding each other accountable?
In cybersecurity, until now, we have put all the responsibility on the consuming organizations, blaming them and discouraging them from disclosing information that would allow others to design safer products. Ultimately, the responsibility falls on all involved, from the end user to the developer and those in between. Who should be looking at how we develop solutions that provide the solutions that all companies need to protect their assets effectively?
We, as cybersecurity providers and leaders, need to do better for our customers, community, and the industry. We need to prioritize security in the design and implementation of our solutions, and take on that responsibility to help facilitate a more resilient and secure digital landscape because we are all in this together.
The Power of Simplification, Collaboration, and Cohesion
Paul Robinson, VP of National Sales - IGI Cybersecurity
One thing that I have been extremely impressed with is the general reaction to the new order. Usually, when new compliances or executive orders come out, there are a lot of debates and discussions that aren’t fruitful.
For the first time, maybe ever, people are starting to see the need for collaboration and cohesion. In my opinion, the driving force for this positivity was the simplification of the strategy into the 5 pillars. Our industry has struggled with complex jargon, hundreds of pages of explanation for a compliance standard, and multiple-letter acronyms, thus creating confusion.
The pillars approach and its descriptions make it very difficult to argue the validity of the strategy.