What You Need to Know About the American Cybersecurity Initiative
The first step in dealing with an issue seriously is admitting that you have one. The White House just announced its "Strengthening America's Cybersecurity" project.
The announcement contains several phrases that anyone who has read about cybersecurity will have heard numerous times: boosting resilience, raising awareness, fending off ransomware attacks, and so on.
The announcement also contains some original ideas, such as the insight that cybersecurity is not, never has been, and never will be a problem that a nation can resolve at the nation-state level.
The White House also suggested IoT warning labels as a remedy and emphasised the value of cybersecurity education, something we all need to be reminded of. Let's look at it.
International cooperation is critical.
The White House statement makes it clear that cyberattacks are asymmetrical: threat actors can freely cross international borders, while defenders are frequently constrained by legal obligations that forbid proportional responses.
Attackers feel protected because regulations and enforcement in their own countries are lax, yet they are free to attack systems running nearly anywhere on earth, regardless of how strictly the law is upheld in the victim's home nation.
Any solutions discovered will be little more than band-aids if the problem is not addressed globally. The White House proposal makes several accurate statements about how NATO and other international allies will play a key role in cybersecurity.
Foreign collaboration is not the best answer yet: when foreign partners collaborate, the defence landscape grows to a size that resembles the size of the problem, but this is still a piecemeal approach with limited success.
What we need is a global agreement that makes cybersecurity law binding. Consider the effects of international maritime law, for instance.
Nevertheless, it is clear that sharing knowledge regarding threat actors, methodology, and cutting-edge tactics is in everyone's best interests and, if done properly, will speed up responses to emerging threats.
Cybersecurity education continues to matter.
The emphasis on expanding cybersecurity education is another intriguing feature of the Strengthening America's Cybersecurity plan. As we are frequently and painfully reminded, cybersecurity is mostly a human issue rather than a technical one.
Increasing cybersecurity literacy and educating individuals on the fundamentals of safe online conduct, at all levels of personal and professional life, will have cascading effects: reducing risk and lessening the severity of the incidents that will inevitably still happen.
Consider the NIST-supported National Initiative for Cybersecurity Education (NICE). It makes a valiant effort with a structured framework, frequent events, and newsletter updates. Of course, no remedy is infallible, but the combined effect of these efforts will make a difference.
What about risk labels for IoT devices?
A new risk labelling system for IoT devices is the subject of intense discussion. Similar to how food labels show ingredients and nutritional information, consumer cybersecurity labels are meant to serve as a means of disclosure.
However, the effectiveness of a consumer cybersecurity label is still up for debate. Because new vulnerabilities are constantly being discovered, it is questionable whether a label written half a year ago will still be accurate when the device is on a shelf at Best Buy.
Furthermore, without sufficient international support, the labelling project will likely fragment, just as happened with GDPR, where some websites chose to block all traffic from GDPR-affected nations rather than attempt to comply with GDPR standards.
Another issue is the possibility of an attacker using a label as an "a la carte" menu. If a device's label explicitly lists all the cybersecurity safeguards it has in place, an attacker's job only gets simpler, because they can save time by skipping attack methods that are plainly ineffective.
A continuous process
A consumer cybersecurity label is a positive development in a field where progress is frequently difficult to achieve. Consumer cybersecurity labels have the potential to improve security conditions across the Internet and its various networks if properly deployed. The same is true of the increasing number of programs for cybersecurity education.
But the devil, as they say, is in the details, and those have yet to be revealed. In summary, the US government is at least trying to help the people and companies of the nation control the cybersecurity threat.