Incident Response, Vulnerability Management

CISA says U.S. has a ‘failed model’ for cybersecurity detection and response

The U.S. cybersecurity model, centered on the immediate discovery and remediation of vulnerabilities, is a "failed model," according to Cybersecurity and Infrastructure Security Agency Executive Assistant Director for Cybersecurity Eric Goldstein, who said it should instead demand more responsibility from software and hardware providers while reducing burdens for organizations with limited resources, reports CyberScoop. Goldstein urged technology providers to be more accountable for hardware and software vulnerabilities by activating multi-factor authentication and other default security controls, as well as leveraging secure development practices. "What we're seeing today, we believe, is systematic cost transference from technology providers who make decisions to design products a certain way to customers, who then have to bear the burden to patch, to mitigate, to respond. It doesn't make sense to us, at least as applied to smaller organizations that really can't bear that burden," said Goldstein at an International Information System Security Certification Consortium event.
