Developing and defining a set of SbD practices that vendors can attest to, and that the U.S. government and other parties can verify or enforce, is a tremendous undertaking in and of itself. CISA must build SbD practices alongside an architecture for enforcement that sets clear roles for entities like the FTC, the Department of Defense, the Securities and Exchange Commission, and the General Services Administration.

The White House has responsibility here, too, and specifically the Office of the National Cyber Director, to guide this multi-agency effort within a strategy to manage the industry politics of shifting the incentives in this market — precisely what the office was designed, staffed, and organized to do. CISA's focus must remain on enumerating and updating the essential SbD practices.

Just one piece of the puzzle

As we have argued before, "no strategy can address all sources of risk at once, but . . . silver bullets often trade rhetorical clarity for crippling internal compromises." The SbD program could achieve deep, meaningful changes in how some of the largest technology vendors build services and products. Those changes would have material benefits for the security of every technology user.

However, cajoling all firms toward a comprehensive and uniform set of best practices is a fundamentally incompletable task.

Malicious actors perpetually seek new means of exploit; different sectors and system classes face different and unique challenges; and new technologies are prone to modes of failure, both new and unforeseen. Adopting certain new processes, rigorously enforcing them, and fixing existing incentives would still be a much-needed improvement over the current status quo.

However, adopting memory-safe languages or pushing large actors toward better risk management would not necessarily have prevented many significant vulnerabilities in recent memory, such as Log4Shell. To succeed, CISA will also need to understand how large technology companies build products and services — current industry practice is far from complete or perfect, but it is the baseline from which SbD hopes to drive change. Understanding that baseline is critical.

There is danger when rhetoric around shifting responsibility in cyberspace suggests that cybersecurity problems and challenges exist only because technology vendors cut corners or that all cybersecurity risk can be avoided by following a simple set of straightforward practices. The increasingly interconnected, dependent nature of software systems, as well as the variety of organizations and systems they connect to, creates risks all its own.

SbD is an important piece of managing this — the status quo of responsibility deferred to the user is broken — but describing SbD as a panacea risks creating backlash when insecurity inevitably persists.

It is clear CISA recognizes that success in SbD could be one of the most impactful policy interventions in cybersecurity in the last decade. It is also clear that the program, even in its most successful incarnation, will leave some problems unsolved. Specificity about the scope and goals of the program will help prevent its inevitable critics from distorting the debate into all-or-nothing terms.

Risk and opportunity

SbD — the first policy manifestation of the National Cybersecurity Strategy's effort to shift responsibility — will not come about by sheer goodwill alone. CISA is not a regulator, and it must define a path for federal agencies that are regulators so that the implementation of SbD leverages the broader standards setting, enforcement, and regulatory powers of the federal government.

Shying away from direct government enforcement of these security practices risks consigning the effort to history, alongside many other "voluntary" and "industry-led" programs.

The growing and talented team at CISA have 18 months until January 2025, which will bring either the paralyzing tumult of transition or the still-chaotic maturation of a first-term administration into a second. The largest vendors that would participate in this program are not going anywhere and can afford to wait.

In this sense, CISA and the wider U.S. government's cyber policy apparatus is on the clock. CISA must focus on the essential elements of SbD and organize, build, and engage with a clear deadline in mind. The clock is ticking.

Success with security-by-design is at risk, both from the political challenges of implementation and the threat of unrealistic expectations.

CISA's security-by-design initiative is at risk: Here's a path forward | TechCrunch
