The Biden administration has issued an implementation framework for its National Cybersecurity Strategy, detailing how the federal government plans to regulate digital security issues. The highly anticipated document lists more than 65 initiatives for executing the “five pillars” of the March 2023 U.S. National Cybersecurity Strategy, described as a “bold, affirmative vision for cyberspace.” The implementation takes a two-pronged approach: empowering capable actors who can bear more of the security responsibility, and the need for incentives that facilitate investment in long-term resilience. Continue reading White House Releases Plan for Cybersecurity Implementation

The U.S. and a coalition of international government agencies have issued joint guidance that aims to get software companies to heighten security for their products. “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default” takes the position that today’s software is insecure by default and it is the customer’s burden to take steps to make it safe. Manufacturers should make their products safe before they ship by taking steps including deprecating the “default password,” writing their programs using only secure coding languages, providing free patches and setting up vulnerability reporting programs. Continue reading U.S. Agencies Join Global Coalition in Secure Software Push

The Biden administration has issued rules requiring key U.S. companies to meet minimum cybersecurity standards. The new National Cybersecurity Strategy (NCS) calls on software makers and American industry to be more active in the fight to repel hackers and ransomware groups even as the FBI accelerates global efforts to disrupt bad actors. Although the strategy is a policy document rather than an executive order, it represents a major policy shift, escalating participation by both the public and private sectors, while anticipating legislative changes required to give teeth to the plan. Continue reading Biden Advocates Tougher Cybersecurity for Private Enterprise