The new plan calls for technology providers, and not end users, to be responsible for security…
An article review.
Following multiple high profile cybersecurity incidents in 2021 and 2022 the Biden Administration recently announced new long-term goals for the nation’s cybersecurity, and under the new plan companies that provide technology would carry more of the cybersecurity burden. Calling it “unfair and ineffective” to ask small businesses and individuals to manage cybersecurity risks by themselves, the government is calling for companies that make hardware and software to implement “secure by design” products which are tested more thoroughly.
Under the new plan, which follows a string of incidents including attacks on the Colonial Pipeline and SolarWinds, companies deemed central to the cybersecurity system would be held more responsible for vulnerabilities that impact their products, although specific consequences have not been outlined. Additionally, the Biden administration seeks to enhance threat sharing resources and cooperation between the public and private sectors when it comes to cybersecurity.
While the ultimate fate of this plan rests with Congress, the idea that technology providers bear more responsibility for security vulnerabilities isn’t likely to go away any time soon, and may prompt some providers to attempt to get ahead of any legislation that might be coming in the future.
Original article by Patsy Widakuswara writing for Voice of America.