New National Cybersecurity Strategy: resilience, regs, collaboration and pain (for attackers)
Tuesday, March 7, 2023
The Biden administration’s National Cybersecurity Strategy aims to go after attackers, cultivate a resilience-first defensive posture and build public, private and international collaboration.
Experts: Without collaboration, regulations could hurt more than help
Ilia Kolochenko, founder of ImmuniWeb and a member of Europol Data Protection Experts Network, said unilateral regulations would shackle advances.
“Most industries — apart from software — are already comprehensively regulated in most of the developed countries,” he said.
“You cannot just manufacture what you want without a license or without following prescribed safety, quality and reliability standards. Software and SaaS solutions shall be no exception to that.”
He maintained that overregulation and bureaucracy would be counterproductive.
“The technical scope, timing of implementation and niche-specific requirements for tech vendors will be paramount for the eventual success or failure of the proposed legislation. Unnecessarily burdensome or, contrariwise, formalistic and lenient security requirements will definitely bring more harm than good.”
But, he said, intensive and open collaboration of independent experts coming from industry, academia and specialized organizations would help by producing balanced regulations amenable to both industry and government.
The strategy statement said regulations should be performance-based, leveraging existing cybersecurity frameworks, voluntary consensus standards and guidance involving the Cybersecurity and Infrastructure Security Agency and National Institute of Standards and Technology.