TLDR:
Key Points:
- Jen Easterly, director of the DHS Cybersecurity and Infrastructure Security Agency, highlighted the importance of addressing software quality to improve cybersecurity.
- She emphasized the need for software vendors to prioritize secure development processes and for Congress to consider software liability reform.

In a recent speech at the Black Hat security conference, Jen Easterly, the head of the Cybersecurity and Infrastructure Security Agency, underscored the critical role of software quality in enhancing cybersecurity. Easterly attributed the prevalence of breaches to a longstanding issue with software quality within the technology industry, saying that this problem is the reason a multi-billion dollar cybersecurity industry exists. To tackle this challenge, Easterly and CISA introduced a Secure by Design pledge, which has garnered support from 200 companies since its launch in March.
Easterly emphasized that software vendors should stop viewing vulnerabilities as inevitable occurrences and instead treat them as product defects that require immediate attention. She proposed the idea of software liability reform, which would allow affected parties to sue companies for software flaws, prompting greater accountability in the industry. Additionally, Easterly advocated for Congress to establish a software liability regime with clear standards of care and safe harbor provisions for responsible innovators.
National Cyber Director Harry Coker also addressed the importance of resilience in the face of cyberattacks, particularly in critical infrastructure sectors. He expressed support for a bipartisan Senate bill on regulatory harmonization to streamline cybersecurity mandates for industries, as part of the administration’s policy initiatives. Coker highlighted the Department of the Treasury’s efforts to create a federal cyber insurance backstop for catastrophic cyber events, aligning with the national cybersecurity strategy.
Overall, Easterly’s call to treat software quality as a key element of cybersecurity, together with the push for regulatory harmonization and liability reform, underscored the importance of industry collaboration and accountability in improving overall cyber defense strategies.