After lengthy negotiations and revisions, the White House has finally released its National Cybersecurity Strategy document, outlining it’s priorities and goals. It’s a wide-ranging and ambitious document consisting of five major areas of focus, or “pillars”. What’s new here? What will it mean for businesses and critical infrastructure? And what does this mean for you and I? Today I’ll cover all of that and more with Josh Corman from I Am the Cavalry and formerly with the US Cybersecurity and Infrastructure Security Agency (CISA).
- National Security Strategy doc: https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
- Consequential Cybersecurity: https://claroty.com/blog/consequential-cybersecurity-brace-yourself-for-the-white-house-national-cybersecurity-strategy
- PPD-21: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil
- Known Exploited Vulnerabilities catalog : https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Swimming with Sharks TED talk: https://www.youtube.com/watch?v=rZ6xoAtdF3o
- I Am the Cavalry: https://iamthecavalry.org/
- CISA Secure by Design: https://www.cisa.gov/securebydesign
- Nominate someone for a challenge coin: https://fdsd.me/quest
- Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
- Give the gift of privacy and security: https://fdsd.me/coupons
- Send me your questions! https://fdsd.me/qna
- Support our mission! https://fdsd.me/support
- Subscribe to the newsletter: https://fdsd.me/newsletter
- Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
- Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
- Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
- 0:01:55: Interview setup
- 0:04:00: What is this strategy document, at a high level?
- 0:14:02: What are some of the more important or novels aspects?
- 0:18:05: Do agencies have the budget and authority to implement these strategies?
- 0:22:11: Will having a gov’t backstop actually encourage attacks or discourage preparation?
- 0:30:40: Should the gov’t actively scan US firms/orgs for vulnerabilities?
- 0:36:56: What should we do about the marketplace for zero-day hacks?
- 0:39:52: How aggressive should the US be against hackers?
- 0:41:03: What is NOT addressed by this strategy?
- 0:45:55: How should be manage our dependencies on foreign software and hardware?
- 0:52:59: What can everyday people take away from these strategies?
- 0:59:50: Has this document already had impacts? How do we monitor progress?
- 1:03:56: Interview wrap-up
- 1:07:40: Looking ahead