The Biden-Harris Administration’s National Cybersecurity Strategy is a step toward building a bigger, more inclusive and effective U.S. cybersecurity workforce.
Experts from around the industry sounded off on what the strategy means for members of security of organizations that hold critical data across the private and public sectors.
What are your thoughts? What do you think of the five pillars of the strategy? Did they miss anything?
To me, this is a joke! I high level fluff statement with no meaning. Let me know when they actually has a US version of GDPR! It is one thing to say you will hold places accountable but there is nothing to back it up. It seems a bit like when they first came out with the Can-Spam Act, that had no teeth to back it up. As for partnership between public and private, yes they already tried that and it's a one way street! The want the private to feed them info with little to nothing coming the other way.
Change is needed and blame needs to be placed in the proper places, but I see this doing nothing to achieve that.
While I don't disagree, there is significant challenges that our government has in directing cybersecurity as a nation. Foremost is that most of our critical infrastructure is not owned by the government. Without diving too far into politics how do we come to an agreement in the overreach of the government and rights of its people to run their businesses in a manner that they see fit for profitability without leaving those dependent upon those services in the dark so to speak. As someone whose worked with critical infrastructure, I can tell you regulation is coming, but having worked with regulated industries that does not solve all problems and indeed creates more issues. So I think this is sometimes a matter of what small steps can they do to work towards solving the problem. The big issue is a balance of maintaining appropriate defenses with the cost of doing business, and how can the government help private industry protect their assets when they are still in their infancy as to cybersecurity.
In concept they are trying, however, subjects such as AI means that attacks can occur in minutes instead of weeks. https://abcnews.go.com/Politics/new-cybersecurity-strategy-rolls-amid-ai-buzz-concerns/story?id=9766...
We no longer live in a world of FUD (Fear, Uncertainly and Doubt), we know attacks occur with the average attack cost per incident in the region of US $9 Million, according to recent reports.
We need stronger leadership and guidance, that means that the C-Suite actually are trained, and developed to lead, rather than have lipservice, because it costs XYZ and it will never happen here attitude. It is happening all around us, and especially within new technologies - look at the latest reports which states that the US is 20 years behind the Chinese in AI, Quantum Technology and various others.
Stronger investment, development, legal mandates are required to enforce a change in mind, or the actual economy will be directly affected and companies will go into liquidation due to an attack, they cannot with stand or recover from.