Archive for July 14, 2023

Cynet Takes A Look At CVE-2023-36884

Posted in Commentary on July 14, 2023 by itnerd

The research team at Cynet has been taking a look at CVE-2023-36884, which relates to a Microsoft Office and Windows HTML Remote Code Execution Vulnerability. The blog breaks down the specifics of the attack vectors and how the Storm group, the threat actors behind this, carries out the attack.

You can read the blog post here: https://www.cynet.com/blog/yet-another-ms-cve-dont-get-caught-in-the-storm/

Cybersecurity Strategy Implementation Plan Announced By The White House

Posted in Commentary on July 14, 2023 by itnerd

The Biden-Harris Administration issued its National Cybersecurity Strategy Implementation Plan (NCSIP), which provides a detailed roadmap to achieving the National Cybersecurity Strategy. There’s a fact sheet available here that provides a brief outline:

President Biden has made clear that all Americans deserve the full benefits and potential of our digital future. The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace:

  1. Ensuring that the biggest, most capable, and best-positioned entities – in the public and private sectors – assume a greater share of the burden for mitigating cyber risk
  2. Increasing incentives to favor long-term investments into cybersecurity

Ani Chaudhuri, CEO, Dasera, had this comment:

This new National Cybersecurity Strategy Implementation Plan (NCSIP) is a bold and essential step towards protecting our nation’s critical infrastructure, which is increasingly becoming the target of sophisticated cyber threats.

The NCSIP correctly places considerable emphasis on collaborative efforts between the public and private sectors. Such a partnership is absolutely necessary considering the crucial role that private corporations play in running vital components of our nation’s infrastructure, as well as housing a large share of our sensitive data.

However, I would like to challenge the primary emphasis on the responsibilities of the ‘biggest, most capable, and best-positioned entities.’ While these entities undoubtedly have a role to play, it’s crucial to remember that cybersecurity is not merely the domain of the large and powerful. Small and medium enterprises (SMEs), which constitute the vast majority of businesses and are often part of the supply chains of larger corporations, must also be equipped with the tools and knowledge to defend against cyber threats.

The plan also recognizes the importance of incentivizing long-term investments into cybersecurity. I wholeheartedly agree with this approach. Cybersecurity is not a one-time investment but an ongoing process that requires continuous updating, monitoring, and proactive measures. Long-term planning and investment will be more effective than reactive measures taken after an incident has already occurred.

Another crucial aspect of the plan I strongly agree with is the importance of training a skilled cyber workforce. Cybersecurity is not a static field. The nature of threats we face is continuously evolving, requiring us to constantly upgrade our knowledge and skills. Hence, it’s not just about creating more cybersecurity jobs, but about ensuring that those in these roles are equipped with the most up-to-date skills and knowledge.

However, despite the ambitious plan laid out, execution will be key. The question now is whether these policies will be implemented in a way that effectively reduces cyber risk. As a cybersecurity professional, I look forward to seeing these initiatives take shape and am hopeful about the impact they could have on our nation’s cyber defenses.

This plan moves the needle forward around critical infrastructure security and on efforts to disrupt threat actors. However, from what I have read, it lacks any path to coordinated, standardized enforcement and leaves individual sector-specific agencies in control. But if that gets addressed, this plan will have significant value.