Actu
Comments on Joe Biden’s new cybersecurity strategy - from SecurityScorecard
March 2023 by Brendan Peter, Vice President, Global Government Affairs at SecurityScorecard
The comments on Biden’s new cybersecurity regulation from Brendan Peter, Vice President, Global Government Affairs at SecurityScorecard
• The U.S. government has explicitly acknowledged that it is now applying a metric-driven approach to measuring the effectiveness of its cybersecurity strategies, policies, and practices
• Cybersecurity regulation has already been occurring in the U.S., and more is expected to come
• The U.S. government is actively seeking ways to reduce the compliance burden of such cybersecurity regulation
Feel free to use any of these comments in a piece that you might be running:
• "This strategy is crucial in strengthening the defensive and offensive cyber capabilities of the United States and helping organizations across sectors move towards a more secure digital landscape. It represents a positive shift in the policies and standards we’ve seen in the past decades. It comes not a moment too soon as today’s organizations in the public and private sectors face mounting cyber threats.
• As organizations move forward to execute the strategy, I hope to see a strong focus on cyber outcomes instead of simple check-the-box compliance. Smart and harmonized regulation, as well as a focus on outcomes, is what will drive stronger outcomes.
• As the strategy states, the public sector has growing visibility into cyber adversary activity. It’s critical that the government is prescriptive toward the private sector, compelling companies to follow a baseline set of cybersecurity standards to guide companies as they work to better understand the digital threats they are up against. To put it simply, you can’t fix what you can’t measure. This strategy is a step in the right direction and to improve the cyber outcomes for these organizations, they will need constant measurement and improvement of their security posture to combat ever-evolving cyber risks and dismantle threat actors.
• This strategy serves to increase the pace of innovation in cyber defense and offense, which is increasingly important as the U.S. faces mounting activity from foreign adversaries. As these threat actors ramp up attacks against critical infrastructure in particular, this strategy will provide expanded cyber requirements for these organizations and result in new regulatory motions to further protect the industry.
• Honing in on the second pillar, there is a clear emphasis on the need for defensive and offensive cyber operations, as well as an increase in public-private collaboration on threat detection and remediation, which will be critical in making meaningful progress towards thwarting foreign threat actors."
