After lengthy negotiations and revisions, the White House has finally released its National Cybersecurity Strategy document, outlining it's priorities and goals. It's a wide-ranging and ambitious document consisting of five major areas of focus, or "pillars". What's new here? What will it mean for businesses and critical infrastructure? And what does this mean for you and I? Today I'll cover all of that and more with Josh Corman from I Am the Cavalry and formerly with the US Cybersecurity and Infrastructure Security Agency (CISA).
Interview Notes
National Security Strategy doc: https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
Consequential Cybersecurity: https://claroty.com/blog/consequential-cybersecurity-brace-yourself-for-the-white-house-national-cybersecurity-strategy
PPD-21: https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil
Known Exploited Vulnerabilities catalog : https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Swimming with Sharks TED talk: https://www.youtube.com/watch?v=rZ6xoAtdF3o
I Am the Cavalry: https://iamthecavalry.org/
CISA Secure by Design: https://www.cisa.gov/securebydesign
Further Info
Nominate someone for a challenge coin: https://fdsd.me/quest
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Send me your questions! https://fdsd.me/qna
Support our mission! https://fdsd.me/support
Subscribe to the newsletter: https://fdsd.me/newsletter
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:55: Interview setup
0:04:00: What is this strategy document, at a high level?
0:14:02: What are some of the more important or novels aspects?
0:18:05: Do agencies have the budget and authority to implement these strategies?
0:22:11: Will having a gov't backstop actually encourage attacks or discourage preparation?
0:30:40: Should the gov't actively scan US firms/orgs for vulnerabilities?
0:36:56: What should we do about the marketplace for zero-day hacks?
0:39:52: How aggressive should the US be against hackers?
0:41:03: What is NOT addressed by this strategy?
0:45:55: How should be manage our dependencies on foreign software and hardware?
0:52:59: What can everyday people take away from these strategies?
0:59:50: Has this document already had impacts? How do we monitor progress?
1:03:56: Interview wrap-up
1:07:40: Looking ahead