[UPDATE September 16, 2024: On August 1, 2024 CISA officially released the CISA Secure by Design Software Acquisition Guide to help vendors implement Secure by Design principles and practices and to help consumers verify that products follow CISA's Secure by Design principles and practices. CISA is hosting two webinars to help parties understand and implement Secure by Design principles and practices; register here.]
This has been a long time coming and numerous people contributed to the "Buyers Guide", which CISA Director Jen Easterly proudly announced on June 12 at the CISA ICT_SCRM Conference in McLean VA. The Buyers Guide is the result of a public-private partnership between CISA and industry under the guidance of CISA's National Risk Management Center (NRMC), ICT_SCRM Task Force.
The ICT_SCRM Task Force has operated under a culture of teamwork, mutual respect, and dedication to one goal: "To help secure the software supply chain and rebalance cyber-risk following Secure by Design principles and NIST Guidelines and Standards". The Buyers Guide hit the bull's-eye, thanks to the leadership of CISA's NRMC team and two highly proficient and dedicated leaders from industry, Tim Mackey and Joe Jarzombek, supported by a team of "foot soldiers" from across government and industry dedicated to working in collaboration, with mutual respect, to achieve this goal. The Buyers Guide will be released by CISA (soon) and will be available at this location.
The June 12 conference was a constant flow of insightful information and a show of support across government and industry. This is a true role model for how to conduct a successful public-private partnership that delivers.
One of the recurring themes of the day was on full display during the speech by Tom Fanning, former CEO of Southern Company: "Collaboration among public-private partners in critical infrastructure is essential to secure cyberspace across critical infrastructure."
This was especially refreshing for me to hear, coming from an energy industry icon who understands just how essential collaboration is to protect against hacker attacks and keep the US electric grid reliable and resilient. He really does get it. Excellent speech, Tom.
The CISA SCRM conference kicked off a "D-Day level effort" to address the scourge of ransomware and other cyber-crimes that take advantage of our trusting nature in software and digital products. The era of "blind faith" in software is ending and the era of "radical transparency" has begun, but we are only at the beginning; much more work remains to secure America's critical infrastructure from harm that impacts American health and happiness. This is going to require collaboration and tenacity across the public-private stakeholders responsible for critical infrastructure. It takes a village, and we must put our best players on the field to face the adversary if we want to succeed in this quest.
I remain committed to working in the trenches as a "foot soldier" in CISA's SCRM Task Force, supporting CISA's "Secure by Design" initiative within those work groups where I can best contribute value.
Congratulations to fellow ICT_SCRM Task Force members and CISA's "Secure by Design" team for your commitment and respectful contributions to these successes.