[UPDATE January 9, 2025:] The full Senate is expected to confirm Governor Noem as the new DHS Secretary on January 15. I'm very optimistic in what's ahead for implementation of effective Cyber Risk Management practices across critical infrastructure and the US Government.
[UPDATE December 28, 2024] I highly recommend that members of the new administration with an interest in cybersecurity take 15 minutes to watch this Keynote Address by CISA Director Easterly reciting all the good work performed by CISA's ICT Supply Chain Risk Management Task Force that created practical and effective guidance to identify trustworthy software products and avoid risky software products by following the CISA Secure by Design Software Acquisition Guide best practices.
[UPDATE December 12, 2024] I'm even more optimistic that we will see real improvements in implementations of effective cybersecurity policies and practices after seeing the people listed in this article up for consideration in the new administration. Feeling some good Karma!
I've been reading a lot of speculation about how the new administration is going to respond to cybersecurity protections across critical infrastructure and I've come to the conclusion that the nations pursuit of practical and effective cybersecurity protections will advance more efficiently and effectively under the new DHS Secretary nominee, South Dakota Governor Kristi Noem, given her commitment to cybersecurity initiatives in South Dakota. Here are two of Secretary Noem's writings that give me reason for optimism that the good work on Cybersecurity protections from NIST and CISA will continue to advance in a positive direction under her leadership:
South Dakota Cybersecurity Commitments
Don't be surprised when you see Dakota State University serving in a much more influential and useful role with critical infrastructure cybersecurity, which they have earned (but have never received recognition for). Personally, I would be pleased to see Dakota State University become the "Trust Registry" listing trusted products that everyone could query when considering which "trustworthy" products to purchase. That would be very useful to all Americans and American companies to avoid buying known defective software products.
The new administration has the opportunity to advance "radical transparency" for software consumers enabling them to know if a software product is trustworthy before buying or installing a product. The current administration has been effective at identifying the need for radical transparency to consumers, but has failed to implement actual solutions that can help consumers avoid risky, defective products. A concept similar to New York City trust scores used by restaurants to indicate adherence to cleanliness standards would also provide software consumers the information they need to make a risk-based buying decision and avoid risky software. The new administration has the opportunity to establish a "Trust Registry for Software Products" that can give consumers the visibility they need to avoid risky products and the harm they can bring, like ransomware. I look forward to working with the new administration to implement a "Trust Registry" to provide the information that will protect American consumers, businesses and government entities from buying and installing risky, defective products.
I'm equally optimistic to see Chris Wright, an MIT techie, taking over at DOE. I'm confident we will see more support for cybersecurity practices to protect our entire energy infrastructure from software supply chain risks.
I also asked Microsoft Copilot about Governor Noem's views on cybersecurity. I believe our cybersecurity goals and aspirations are in good hands under the new administration. Let's not forget it was President Trump that initiated cybersecurity improvements for the electric grid
I have good reason to be optimistic based on these past writings and these AI observations.
Microsoft Copilot:
The Perplexity AI platform provides a similar narrative, certainly positive, IMO.
I'm speculating, under the new administration, there will be much less government money being spent by US Government personnel traveling the world to attend lavish cybersecurity parties and marketing VEX. That's a good thing IMO. Hopefully this money will be spent actually protecting Americans from cyber threats and risks.