Several systemic weaknesses make IT systems inherently difficult to defend from a cybersecurity perspective. These weaknesses include vulnerabilities in computer code, misaligned incentive structures, a lack of understanding of critical interdependencies, and difficulties in managing the supply chain for both hardware and software. Although current cybersecurity practices can reduce the risk from these threats, substantially altering the balance between intruders and defenders will require sustained research and development (R&D) activity. In many cases, due to the fundamental, broad, long-term nature of the problem, the Federal government is the right sponsor for such R&D. Research and development funding in any or all of the following areas would help address a critical systemic weakness: supply chain; secure coding practices; automation, artificial intelligence and machine learning; incentives; encryption and key management; understanding interdependencies and incentives; defenses against data manipulation; and workforce training.
Author: Cyber Threat Alliance
An Update on the State of the SEC’s Approach to Cyber Risk
This update follows the March 2021 State of Cyber-Risk Disclosures of Public Companies. Recent cyber-related comments and enforcement actions by the U.S. Securities and Exchange Commission made clear that the SEC has escalated its scrutiny of the cybersecurity disclosures of [...]
Institute for Security and Technology – Ransomware Task Force Report
Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force. The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, [...]
The State of Cyber-Risk Disclosures of Public Companies
The U.S. Securities and Exchange Commission (the “SEC,” or the “Commission”) has in recent years demanded greater transparency from public companies in how they identify, measure, and manage cyber-risk. In the wake of SolarWinds and the increased supply-chain security scrutiny in Washington [...]