US National Cybersecurity Strategy and EU Cyber Resilience Act - Ep 61

In this episode, Rob and Stan look at a couple of drives to impose law and order on cybersecurity.

First the new US National Cybersecurity Strategy for the US.

“I actually see this as being a pretty sharp break from the past. If it's fully implemented, I think the potential to change the US cybersecurity posture will significantly be improved for the better.”

“The strategy does put an emphasis on holding software vendors more directly responsible for the security of their technologies. And it recognizes that if left to its own devices, the software market many times rewards vendors that under invest in security and get things out to market faster. It’s been proven time and time again that market pressures are not necessarily going to result in more secure products.”

“This is going to take time. They're talking about a 10 year window here for the cybersecurity act….so the implementation of this through various administrations who may have different priorities is going to be interesting.”

Rob and Stan also reflect on how the US strategy compares to the the EU Cyber Resilience Act, revealed in September 2022.

“They actually are very focused on personal data and ensuring that there's the protection and confidentiality and integrity of the data of the individuals. There are vulnerability disclosures that are required from the manufacturers.”

"If you are to improve compliance, you're not doing business in the EU. That's the one that really resonates, right? That's what's going to make people say  “Well, I have to if I want to be able to generate the type of business I require from the entire EU marketplace.”"

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings.