On March 2, 2023 the US National Cybersecurity Strategy was published listing five pillars as the key goals of the strategy. One of the pillars listed identifies “Shape Market Forces to Drive Security and Resilience”. A YouTube video presentation from Kemba Walden and Anne Neuberger refer to this as the need to “rebalance cybersecurity risk across the digital ecosystem”, indicating a need for more “risk ownership” by the software supply chain, suppliers of software apps and stewards of our data. I’ve written about what “rebalancing cybersecurity risks” may look like, but the real solution needs to come from an authoritative body with the ability to implement the solution. Could that be CISA’s JCDC?
JCDC’s core functions include:
-
Developing and coordinating plans for cyber defense operations and supporting execution of those plans,
-
Driving operational collaboration and cybersecurity information fusion between public and private sectors, for the benefit of the broader ecosystem, and
-
Producing and disseminating cyber defense guidance across all stakeholder communities.
The solution must include participation, and commitment, from the high-tech community, i.e., software suppliers, app stores, etc., and the consumers that use these products. IMO, CISA is the proper party to lead the effort to define, and oversee implementation of, the “cybersecurity rebalancing solution”, internationally.