OODA Loop – The National Cybersecurity Strategy and the Future of “Coordinated Vulnerability Disclosure Across All Technology Types and Sectors” | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Organizations across all industry sectors (and their Board of Directors) should take a look at our recent analysis of the evolution of the upcoming SEC cybersecurity rules and  CISA’s Pilot Ransomware Warning System and Pre-Ransomware Notification Initiative.  The SEC will eventually provide cross-sector rules for reporting cyber incidents, while the CISA program is more of a public/private “collective intelligence” at work and more broadly collaborative. Both qualify as vital countermeasures that should be elevated to the boardroom as soon as possible and considered in a cross-functional manner across all organizations, big and small. 

Running parallel to the importance of these developments at the SEC and CISA is our research (including great OODAcast conversations) on Threat Intelligence and Coordinated Vulnerability Disclosure (CVD) – related processes that can support each other and contribute to cybersecurity resilience across all technology types and sectors.  Like the real danger of AI innovation at exponential speed and scale – and not adequately addressing AI governance, we hope that the 2023 National Cybersecurity Strategy becomes truly actionable and experiences a broad national implementation to address the severity of the cybersecurity challenges ahead. Threat intelligence and CVD should be central to such future efforts.   

Currently, the 2023 cybersecurity strategy has no metrics associated with it, so there is no reason for anybody to act on the recommendations in the strategy document. This is a perennial problem with these strategy documents.  We hold out hope that the 2023 National Cybersecurity Strategy is going to defy both the gravity and logic of the OODA Network’s collective experience that these strategy documents, historically, make a splash upon release and then gather dust in the beltway. 

In that hopeful vein, we will continue to track plans by the Office of the National Cybersecurity Director (ONCD)  to develop a r ..

Support the originator by clicking the read the rest link below.