At a glance.
- NSA's role under the US Executive Order on Improving the Nation's Cybersecurity.
- Unmet priorities from the Solarium Commission.
- Funding improvements to cybersecurity.
NSA’s role under the cybersecurity Executive Order.
InsideDefense summarizes the NSA’s responsibilities under the Biden Administration’s Executive Order (EO) on Improving the Nation’s Cybersecurity. The Agency will serve on the Cyber Safety Review Board and develop new incident response and report-sharing procedures, in addition to issuing recommendations for improving zero trust adoption, source code testing, incident detection in National Security Systems (NSS), and NSS security. The NSA will also suggest new Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation (DFAR) information-sharing requirements. “What makes this an exciting moment in time is the national-level emphasis being put on this mission,” NSA Director of Cybersecurity Rob Joyce commented.
The Solarium Commission’s unmet priorities.
GovInfo Security highlights some of the US Cyberspace Solarium Commission’s as-yet-unadopted proposals. Twenty-seven of the eighty-plus recommendations from the Commission’s 2020 report have found their way into US legislation. At RSA Conference 2021, industry experts flagged three top priorities: creating a Bureau of Cyber Statistics, passing a Federal breach reporting law, and bolstering public-private collaboration.
A Bureau of Cyber Statistics could clarify the threat landscape and inform policy, the panelists said. A national breach reporting law would standardize notification requirements across the fifty states. Effective public-private partnerships would facilitate rapid intelligence-sharing and involve industry in defense and security operations.
Cybersecurity doesn’t come cheap.
An opinion in The Hill calls on President Biden to put the Federal coffers where his mouth is, and back the cyber EO with budget increases. The public and private sectors have long been aware of their cyber vulnerabilities, but these shortcomings are costly to address—and attaching grant funding to cyber standards, as the Administration recently proposed, has failed in the past. Leadership, the author argues, is necessary but not sufficient for cybersecurity. FCW also worries about the EO’s “unfunded mandates,” noting lagging investments in modern technologies, data management policies, and other best practices across Federal agencies.
The Alliance for Digital Innovation, Cybersecurity Coalition, and Internet Association, along with ITI and CompTIA, are asking the Senate and House Appropriations Committees to add another $750 million to the Cybersecurity and Infrastructure Security Agency’s 2022 budget, another FCW piece reports. The funds would go towards furthering the National Cybersecurity Protection System, the Continuous Diagnostics and Mitigation Program, and National Cybersecurity Assessments and Technical Services, as well as state and local outreach efforts, zero trust initiatives, and workforce development investments.