Posted on by

CISA’s security-by-design initiative is at risk: Here’s a path forward



Share

Trey Herr
Contributor

Trey Herr is the director of the Atlantic Council’s Cyber Statecraft Initiative.

Maia Hamin
Contributor

Maia Hamin is an associate director with the Cyber Statecraft Initiative.

Will Loomis
Contributor

Will Loomis is an associate director with the Cyber Statecraft Initiative.

Stewart Scott
Contributor

Stewart Scott is an associate director with the Cyber Statecraft Initiative.

The Biden administration’s 2023 National Cybersecurity Strategy identified structural shortcomings in the state of cybersecurity, calling out the failure of market forces to adequately distribute responsibility for the security of data and digital systems. Most prominently, the strategy seeks to “rebalance responsibility [for security] to those best positioned.”
Shortly after the strategy’s launch in March of this year, the Cybersecurity and Infrastructure Security Agency (CISA) kicked off an effort to “shift the balance of cybersecurity risk” by pushing firms to adopt security-by-design (SbD) practices, improving the safety and security of their products at the design phase and throughout their life cycle.
CISA director Jen Easterly’s announcement of these efforts appears to put CISA at the forefront of this rebalancing, addressing technology vendors’ incentives to underinvest in security through changes in how those firms design and deploy the products they sell. As the first substantive proposal from President Biden’s administration to effectuate this rebalancing since the launch of the strategy, the success or failure of the SbD initiative could be a bellwether for one of the strategy’s two fundamental ideas.
Success with SbD is at risk, however, both from the political challenges of implementing SbD practices and the threat of unrealistic expectations. This piece addresses both and highlights a path forward.
Political and structural headwinds
The politics of SbD implementation — which implicitly require a capacity to compel change in vendor practices, as well as the insight to design them — are treacherous ground for CISA, as the fast-growing agency is not a regulator. In time, it might become one, but current and past leadership insist that such responsibilities would be at odds with agency culture and its operational res …

Read More

Related posts:

"The Power of AI in Business and Entrepreneurship: Unlocking Opportunities and Driving Success"
"The Power of AI: Revolutionizing Business and Empowering Entrepreneurs"
Margaritaville Aims to Hang On After Jimmy Buffett’s Death
Pork Industry Grapples With Whiplash of Shifting Regulations


The Future of AI in Marketing: Insights from Erik Huberman at the 2024 Global AI Conference

April 16, 2024
Read More...

Revolutionizing Hospitality: How Predictive Personalization Boosts Revenue

April 16, 2024
Read More...

Integrating AI in Humanoids and Deep Tech: A Strategic Insight with Shaloo Garg at the 2024 Global AI Conference

April 16, 2024
Read More...

How Generative AI is Revolutionizing the Retail Industry: Insights from Microsoft’s ShiSh Shridhar

April 14, 2024
Read More...

From Inspiration to Impact: Julie Davitz’s Vision for Transformative Media Engagement

March 31, 2024
Read More...

Empowering Small Businesses: Jeffery Boyle’s Vision of Accessible AI with Bemodo

March 31, 2024
Read More...

Josh Mangum at 1MediaWorld: Mastering the Human-AI Nexus for Business Success

March 31, 2024
Read More...

Navigating the Nexus of Filmmaking and Financial Reform: The Tobias Deml Blueprint

March 28, 2024
Read More...

Charting the Future: Key Insights and Innovations at the 2024 1EnergyWorld Global Energy Conference

March 28, 2024
Read More...

Leadership and Resilience: Baz Porter’s Masterclass on Navigating Leadership Through Uncertainty

March 26, 2024
Read More...