Biden Administration Releases National Cybersecurity Strategy - Slashdot

source link: https://news.slashdot.org/story/23/03/02/1637230/biden-administration-releases-national-cybersecurity-strategy


The Biden administration is promising to hold software developers and critical infrastructure to tougher security standards and apply more pressure on ransomware gangs as part of its first national cybersecurity strategy, released Thursday. From a report: The nearly 40-page document provides a roadmap for new laws and regulations over the next few years aimed at helping the United States prepare for and fight emerging cyber threats. The strategy -- which was crafted by the two-year-old Office of the National Cyber Director (ONCD) -- has five "pillars": defend critical infrastructure; disrupt and dismantle threat actors; shape market forces to drive security and resilience; invest in a resilient future; and forge international partnerships. The strategy includes a wide range of tasks, from modernizing federal systems' cybersecurity defenses to increasing offensive hacking capabilities in the intelligence community. The administration will start working with Congress and the private sector on legislation that would hold software makers liable for security flaws if they fail to follow security best practices, like those developed by the National Institute of Standards and Technology.

The administration will start working with Congress and the private sector on legislation that would hold software makers liable for security flaws if they fail to follow security best practices, like those developed by the National Institute of Standards and Technology.

Tell me you don't understand the complexity of modern software without telling me you don't understand the complexity of modern software.

This coming from the same government which failed to understand that it takes a certain amount of water to flush a turd, and they think they should be regulating software security practices? I can't wait to see what low-flush software security looks like.

  • Re:

    Nice FP, but we've already lost this battle. Wasn't it that REAL Republican Abe Lincoln who said something about the house divided against itself? But I still blame Microsoft for perfecting the EULA approach to no-liability software. Can you imagine how different the software industry would be if that stunt hadn't worked? (Me neither.)

    Still, I'll go ahead and ask for an up-to-date citation. The best book I've read (of many) on this topic is still Cyber War by Richard Clarke. Surely there's something better t

  • Re:

    This is a standard US government media release of the type every administration does on an almost monthly basis.
    Don't get your knickers in a twist about it because it's just a part of the song and dance where they pretend they're interested in governing responsibly and the media pretend to believe them.
    • Re:

      Hey, I've heard that one before, in Russia they call it a "vranya".

  • Re:

    I'm thinking that this is probably not intended to actually force secure software, but rather start to add some compliance requirements, and create barriers of entry for imported internet connected devices. After all, following "best practices" can really be whatever the industry decides, be it good or bad.

    I suspect that the least worst scenario will be to force development to plan for security testing, and document it in an auditable manner. Meanwhile, hardware has certain security standards and devices (s

    • Re:

      Which is a potential disaster for OSS, because companies will be afraid to run anything that isn't officially certified as compliant.

      Also, holding open source developers responsible for failed compliance? Good luck with that. This entire concept is poorly conceived and it's like it was written by someone who has no clue whatsoever how the internet actually works. They're laboring under the delusion that security works like it does in the physical world, where you can just put a lock on a door which has b

      • Re:

        Some of that may be by design. Guarantee if they actually implement anything it will be lobbied by the big money software companies into something that pushes smaller companies out of the market, and probably gets rid of OSS as a viable concept for anybody that's not just hobby-tinkering around on their own things.

        That's the way our government works. Announce something way before action. Allow the big industry players to pool their resources (i.e. bribe money), take "public input" on the matter to make it l

