TLDR:
– CISA Director Jen Easterly highlights the importance of using procurement power to enforce cybersecurity standards for software vendors.
– The release of a secure software development attestation form by CISA and OMB is a critical step towards securing the software supply chain.
Article Summary:
The head of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, emphasized the significant role that the Federal government can play in mandating security standards for software vendors through the procurement process. Easterly spoke at the GovernmentDX event in D.C., highlighting the power of procurement in enforcing cybersecurity measures. The release of a secure software development attestation form by CISA and the Office of Management and Budget (OMB) last month is a key development in ensuring that Federal contractors provide secure products to the government.
The secure software attestation form, a result of extensive stakeholder and industry engagement, aligns with President Biden’s 2021 cybersecurity executive order aiming to enhance the security of the software supply chain. Furthermore, an OMB directive issued in September 2022 requires Federal agencies to comply with National Institute of Standards and Technology guidance on software security. Federal agencies have six months from the finalization of the form to start collecting attestations for all third-party software.
Easterly also emphasized the importance of secure-by-design technology, urging companies and application developers to prioritize security in all aspects of software development. CISA’s secure-by-design guidelines, released a year ago, provide clear steps for technology providers to increase the safety of their products globally. The focus on security by design is crucial not only for effective operations but also for resilience in the face of cyber threats.
In conclusion, Easterly underscored the necessity of prioritizing security in the face of evolving threats from adversaries. By emphasizing security and fostering partnerships, the government and private sector can work together to ensure the continued operation and protection of critical services relied upon by all Americans.