
Richard "Dick" Brooks

Five Critically Important Topics the RSA Conference Needs to Address and Provide Direction to Solve

There is plenty to talk about at the RSA conference this year. Five topics in particular need to receive ample attention and guidance to ensure cyber resilient critical infrastructure operations:

1. The need for a reliable, dependable and timely software vulnerability "early warning service" free of government influence

2. A solution to reliably identify trustworthy software objects and avoid risky software objects

3. The need to operate as one cohesive, respectful, collaborative team with one fight and one common adversary, cyber criminals; eliminate the bifurcation of IT/OT, all cyber risk is business risk. We must address the root cause preventing the cybersecurity community from acting as one cohesive team with one fight and one common adversary in order to protect our critical infrastructure and Americans from harm

4. The need to harmonize and streamline baseline cybersecurity regulations to minimize compliance efforts and improve security protections across interdependent critical infrastructure sectors, see NOTE below

5. The need to eliminate political influence within the cybersecurity community. It does not inspire confidence in our collective ability to defeat cyber-crime when I see former CISA Directors and other cybersecurity leaders criticizing others just trying to do their jobs, proficiently.

NOTE: The EU Cyber Resilience Act (EU CRA) is in force effective 10 December 2024 with staggered deadlines for specific deliverables and expectations. US organizations supplying products with digital elements, i.e. software, for sale on the EU marketplace will need to comply with the EU CRA law. An EU CRA overview for US product suppliers is available online. Slide deck for presentation is available here. NASA has emerged as a leader across the US Government implementing Secure by Design Software Acquisition Guide best practices to procure and use only trustworthy products.
