Private sector urged to collaborate with national cyber director in combating nation-state cyber threats
The Biden administration has unveiled a comprehensive National Cybersecurity Strategy aimed at enhancing product security and holding manufacturers accountable for insecure products. This strategy focuses on supply chain security, software supply chain transparency, and the enforcement of cybersecurity standards for products used by the government.
The private sector, according to Harry Coker, the newly confirmed National Cyber Director, is on the front lines in cyberspace, protecting both itself and the American people. Recognising that the existing body of cyber rules and regulations can be overwhelming, the administration is working to harmonise them and make them less burdensome for companies.
A key initiative of the strategy is the implementation of cybersecurity requirements for the federal supply chain. Manufacturers and software providers supplying the federal government must implement, and attest to, baseline secure development practices such as those in NIST SP 800-218, the Secure Software Development Framework (SSDF). The aim is to make suppliers accountable for the secure development and delivery of their software products.
The Department of Justice (DOJ) has also increased enforcement under the False Claims Act against companies falsely claiming compliance with cybersecurity standards. This includes biotechnology and medical device manufacturers, where liability may arise even without a demonstrated breach. This reflects the Biden administration’s approach to holding manufacturers legally accountable for cybersecurity representations.
Other initiatives include the Supply Chain Risk Illumination Programs, such as the General Services Administration’s (GSA’s) SCRIPTS program, which aims to enhance visibility and tooling around supply chain risks, incentivising manufacturers to maintain rigorous cybersecurity practices to participate in federal contracts.
The administration is also focusing on the protection of sensitive data, particularly health and genetic data, holding manufacturers who process such data to higher cybersecurity accountability standards. The strategy additionally includes the U.S. Cyber Trust Mark, a voluntary product labelling scheme intended to improve product security transparency and accountability among manufacturers, including those supplying critical infrastructure and federal systems.
Subsequent executive orders and changes of administration have created regulatory uncertainty around specific mandates, such as the attestation requirements. The core principle of holding manufacturers accountable for insecure products, however, remains central to the Biden strategic framework.
Within cybersecurity more broadly, hackers linked to the People's Republic of China remain a central concern. Coker has repeatedly warned that these actors are attempting to gain and maintain access to critical U.S. infrastructure. To reduce the attack surface, the administration is pushing for the adoption of memory-safe programming languages, which eliminate entire classes of memory-safety vulnerabilities, alongside better ways of measuring software security, and is seeking industry collaboration on both.
The Office of the National Cyber Director is also working on initiatives to reduce compliance burdens for companies and is seeking further industry feedback on them. The administration is additionally working to build a more diverse and robust cybersecurity workforce; the field currently has roughly half a million unfilled positions.
In his speeches, Coker has emphasised the need for industry collaboration to protect these systems from malicious actors and has said that action will be taken against behaviour that violates established norms in cyberspace. The Office of the National Cyber Director is also consulting academic and legal experts on ways to hold manufacturers accountable for rushing insecure products to market.
In summary, the Biden National Cybersecurity Strategy advances manufacturer accountability primarily through requiring compliance with recognised security standards, enforcement via legal mechanisms like the False Claims Act, enhancing supply chain risk visibility programs, and promoting product transparency initiatives targeted at securing federal government and critical infrastructure supply chains.
- Harry Coker, the National Cyber Director, has stated that the private sector plays a crucial role in cybersecurity, safeguarding both themselves and the American people, while acknowledging the need to simplify existing cybersecurity regulations.
- As part of the National Cybersecurity Strategy, the administration requires manufacturers and software providers supplying the federal government to implement and attest to baseline secure development practices, such as those in NIST SP 800-218 (the SSDF), to ensure the secure development and delivery of software products.
- Recognising the threat from hackers linked to the People's Republic of China, the Office of the National Cyber Director is seeking closer industry collaboration; it is also working on initiatives to reduce compliance burdens for companies, pushing to close a shortfall of roughly half a million cybersecurity workers, and consulting academic and legal experts on ways to hold manufacturers accountable for rushing insecure products to market.