{"id":25166,"date":"2023-04-13T11:55:10","date_gmt":"2023-04-13T09:55:10","guid":{"rendered":"https:\/\/stage-fp.webenv.pl\/blog\/?p=25166"},"modified":"2023-04-13T11:55:11","modified_gmt":"2023-04-13T09:55:11","slug":"usa-significant-shifts-in-cybersecurity-policy-ahead","status":"publish","type":"post","link":"https:\/\/www.future-processing.com\/blog\/usa-significant-shifts-in-cybersecurity-policy-ahead\/","title":{"rendered":"USA: significant shifts in cybersecurity policy ahead"},"content":{"rendered":"\n

The National Cybersecurity Strategy<\/a> replaces the old document issued by the Trump administration 5 years ago and aims to protect both national security and public safety as well as economic prosperity.<\/strong><\/p>\n\n\n

\n
\n \n \"USA <\/a>\n <\/figure>\n \n
\n
\n \n Close picture \n <\/use>\n <\/svg> <\/button>\n
\n
\"USA <\/figure>\n <\/div>\n <\/div>\n<\/div>\n <\/div>\n\n\n\n

What we want to focus on today is point no. 3 – place responsibility for cybersecurity on tech companies,<\/mark><\/strong> which pertains to all software companies operating in the American market.<\/p>\n\n\n\n


Software companies to be responsible for security<\/h2>\n\n\n\n

What the new cybersecurity strategy emphasizes is the need for the private sector to take far greater responsibility for the software that they create<\/strong> \u2014 in order to assure that their systems are well-protected against cyber criminals. <\/strong>More responsibility will be demanded from larger and better-resourced organizations in particular \u2014 incorporating minimum security standards into their products will be a must.<\/p>\n\n\n\n

This is a matter of both private and public security, <\/strong>since hackers are often backed by China, Russia or North Korea, and not letting them get into any critical networks is absolutely essential in terms of both politics and economics.<\/p>\n\n\n\n


The most significant shift over decades<\/h2>\n\n\n\n

As of yet, the modus operandi <\/em>has been quite different from what it is going to look like soon: right now, if there are any flaws or weaknesses within a security system, the client (whether this is a private person or business entity) currently assumes all of the risks.<\/strong><\/p>\n\n\n\n

They are responsible for not updating the software solutions that they use, and the creators cannot be punished for the mistakes that they made. In short, if you were unlucky and lost something \u2014 that\u2019s too bad, c\u2019est la vie<\/em> \u2014 it\u2019s your own fault though, so do better next time.<\/p>\n\n\n\n

Now the U.S. government has decided to take a step back and ask why the system needed to be updated in the first place<\/strong> and what actually happened to make the software so vulnerable. Maybe the minimum required standards weren\u2019t met\u2026? Maybe the makers of the software unnecessarily jeopardized their clients\u2019 safety due to carelessness or oversight?<\/p>\n\n\n\n

The responsibility for software security is therefore to be transferred to those who actually created the software, <\/strong>and not to those who use it. In other words, the most vulnerable party will be better protected, and the most powerful \u2014 finally liable for their actions (or lack of actions, to be more precise).\u00a0<\/p>\n\n\n\n


The end of the ‘optional’ era, without any real obligations<\/h2>\n\n\n\n

For years, companies have been told that they can voluntarily report hacking attempts and intrusions, but it hasn\u2019t been required of them.<\/strong> Also, they have been allowed to simply patch their systems in order to fix detected vulnerabilities. However, as Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, has said<\/a>: <\/p>\n\n\n

\n
\n \n <\/use>\n <\/svg>\n \n
\n The fundamental recognition in the strategy is that a voluntary approach to securing [critical infrastructure and networks] is inadequate. <\/div>\n <\/div>\n
\n
\n
\n
\n Anne Neuberger <\/div>\n <\/div>\n \n
\n the deputy national security adviser for cyber and emerging technologies <\/div>\n <\/div>\n <\/div>\n <\/div>\n <\/div>\n<\/div>\n\n\n\n

This shift in attitude is quite significant, <\/strong>and also necessary in order to make the entire ecosystem both easier to defend and much more resilient against any cyber threats. And this is also consistent with the political narrative of the EU<\/a> and Australia<\/a> \u2014 the western world seems to be pretty unanimous in their efforts to ensure digital safety. But this comes as no surprise, since these days, this translates directly into national and international security, and from the lowest to the highest levels.<\/strong><\/p>\n\n\n\n


Possible consequences<\/h2>\n\n\n\n

Of course, one of the most important aspects of this shift is the penalties that could be imposed on the companies that don\u2019t comply.<\/strong> As far as we know, the disciplinary mechanisms from GDPR or NIS2<\/strong> are going to be put in place, meaning that organizations will have to pay high fines for not meeting the minimum standards of security and endangering their clients. Should they be worried? Not at all \u2014 as long as they take a good approach and follow proper security measures.<\/p>\n\n\n\n


How to prepare<\/h2>\n\n\n\n

If you\u2019re a software development company, you should be interested in complying with the newest regulations, <\/strong>whether you operate in the American market or not. As we\u2019ve mentioned above \u2014 soon it is going to look more or less the same in the EU and the UK, as well as in Australia. There\u2019s no escaping the changes<\/strong> that are about to happen, but you can prepare your business and avoid any major disruptions.<\/p>\n\n\n\n

Here\u2019s what you can do:<\/p>\n\n\n\n


1. Hire a cybersecurity expert or experts.<\/strong><\/h3>\n\n\n\n

You may decide to expand your internal team<\/strong> with some new members \u2014 responsible solely for cybersecurity. Keeping everything in-house may be a good idea for smaller companies with less complex infrastructure.<\/p>\n\n\n\n


2. Cooperate with an experienced IT partner.<\/strong><\/h3>\n\n\n\n

If you\u2019re a medium-sized or larger organization \u2014 you may want to build your security strategy together with an experienced partner, <\/strong>in order to off-load your internal resources and operate even more effectively. For example, security management during software development (Security Development Lifecycle<\/a>) is one of our core services, meaning, we\u2019ve already been doing what everyone else will soon be forced to do for quite some time.<\/strong><\/p>\n\n\n\n

This means that cooperating with Future Processing would give you a more thorough competitive edge from the ground up, since you would benefit from all of the invaluable experience that others are just about to start gaining.<\/p>\n\n\n\n


No matter which route you choose to take, take it seriously, but also try not to panic.<\/strong> With a little bit of expert help (from internal or external sources), your business activities won\u2019t be disrupted, and you will be able to get through more challenging times with ease.<\/p>\n\n\n

\n \n \"Cybersecurity_Consulting_Future_Processing\" <\/a>\n \n \n
\n

\n Not sure how to comply with new regulations? <\/h3>\n \n
\n

Let’s prepare for the shifts in cybersecurity policy and build your security strategy together<\/p>\n <\/div>\n \n

\n Let\u2019s talk<\/span>\n \n <\/use>\n <\/svg> <\/div>\n <\/div>\n <\/a>\n <\/div>\n","protected":false},"excerpt":{"rendered":"

The Biden-Harris administration recently released the National Cybersecurity Strategy, which creates a new digital ecosystem in the U.S. that should be safe and secure for all Americans.<\/p>\n","protected":false},"author":182,"featured_media":25169,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2110],"tags":[],"coauthors":[2010],"class_list":["post-25166","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"acf":{"reading-time":"5 min","show-toc-sublists":false,"image":null,"logo":null,"button1":{"button1_type":"","button":null},"button2":{"button2_type":"","button":null},"person":{"person_photo":null,"person_name":"","person_position":""}},"_links":{"self":[{"href":"https:\/\/www.future-processing.com\/blog\/wp-json\/wp\/v2\/posts\/25166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.future-processing.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.future-processing.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.future-processing.com\/blog\/wp-json\/wp\/v2\/users\/182"}],"replies":[{"embeddable":true,"href":"https:\/\/www.future-processing.com\/blog\/wp-json\/wp\/v2\/comments?post=25166"}],"version-history":[{"count":0,"href":"https:\/\/www.future-processing.com\/blog\/wp-json\/wp\/v2\/posts\/25166\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.future-processing.com\/blog\/wp-json\/wp\/v2\/media\/25169"}],"wp:attachment":[{"href":"https:\/\/www.future-processing.com\/blog\/wp-json\/wp\/v2\/media?parent=25166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.future-processing.com\/blog\/wp-json\/wp\/v2\/categories?post=25166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.future-processing.com\/blog\/wp-json\/wp\/v2\/tags?post=25166"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.future-processing.com\/blog\/wp-json\/wp\/v2\/coauthors?post=25166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}