US DoD’s Cyber Strategy for 2023; US CBP to Cease Use of Location Data; CISA’s Roadmap for Open Source Software Security

The US Department of Defense (DoD) has issued a summary of its 2023 Cyber Strategy, outlining its approach to cybersecurity and national defense in the cyber domain. The full strategy, which remains classified, was submitted to Congress in May and builds upon the plans set out in the 2022 National Security Strategy, 2022 National Defense Strategy, and the 2023 National Cybersecurity Strategy. The unclassified summary highlights the DoD’s commitment to working collaboratively with other national defense tools to implement cybersecurity strategies.

One of the key aspects of the strategy is the DoD’s focus on increasing collective cyber resilience by strengthening the cyber capabilities of allies and partners. This marks a departure from previous iterations of the strategy and reflects the department’s approach to defending the homeland through the cyber domain. The integration of cyber capabilities into traditional warfighting capabilities is also prioritized.

Ted Miracco, CEO of Approov Mobile Security, sees the strategy as a shift towards a more proactive approach to cybersecurity. Miracco emphasizes the importance of execution in order to achieve meaningful improvement in cyber resilience. He notes that the strategy’s emphasis on information sharing and partnerships is positive but calls for sustained commitments to back up these efforts.

Emily Phelps, Director at Cyware, weighs in on the strategy’s implications for securing critical infrastructure. She highlights the complexity of securing critical infrastructure in today’s threat landscape and stresses the need for a modern and proactive approach. Phelps emphasizes the importance of strategic automation and collaborative intelligence sharing to enable effective actions against adversaries.

In another development, the US Customs and Border Protection Agency (CBP) has announced that it will no longer use commercially sourced smartphone location data. Law enforcement agencies, including CBP, have previously purchased access to phone location data from commercial vendors to aid in their investigations. Senator Ron Wyden welcomes the decision but raises concerns about the lack of transparency surrounding the Trump-era DHS legal memo that authorized CBP to engage in warrantless surveillance using location data.

CBP’s decision to end the use of location data is seen as a positive step, but questions remain regarding the agency’s future actions. Julie Mao, deputy director of legal advocacy firm Just Futures Law, expresses cautious optimism, highlighting the need to wait and see what actions CBP will actually take.

In addition, the Cybersecurity and Infrastructure Security Agency (CISA) has released its Open Source Software Security Roadmap for the Federal government. The roadmap outlines four key priorities to secure the open source software ecosystem, including establishing CISA’s role in supporting open source software security and reducing risks to the federal government. The roadmap’s objectives are intended to be implemented over the next several fiscal years.

Nick Mistry, SVP and CISO of Lineaje, believes that the roadmap represents a step towards changing the approach to open source software security. Mistry suggests that federal agencies and software vendors must adopt the principles outlined in the roadmap to ensure the security of the open-source software being used. He emphasizes the need for organizations to demonstrate what is being done to mitigate risks associated with open source software.

CISA has solicited feedback on the roadmap, with notable input from Chris Wysopal, CTO and co-founder of Veracode. Wysopal emphasizes the importance of continuously inventorying open source software in applications and implementing a highly automated software development life cycle (SDLC) to address vulnerabilities effectively. He also highlights the need for software buyers to inquire about vendors’ processes for updating open source libraries to close vulnerability windows.

The issues addressed in the DoD’s cyber strategy, CBP’s decision on location data, and CISA’s Open Source Software Security Roadmap highlight the ongoing efforts to enhance cybersecurity and protect critical infrastructure. These actions demonstrate a recognition of the evolving threat landscape and the need for proactive approaches to cybersecurity.
