Content

Neuberger: Biden orders unprecedented, and ‘changing the calculus’ of cybersecurity

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger speaks during the daily press briefing at the White House on February 17, 2021 in Washington, D.C. (Photo by Drew Angerer/Getty Images)
Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger speaks during the daily press briefing at the White House on February 17, 2021 in Washington, D.C. (Photo by Drew Angerer/Getty Images)

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger touted the Biden administration's infrastructure proposal and cybersecurity executive orders at the RSA Conference Tuesday as unprecedented for any presidency.

"This administration is committed to changing the calculus [of breaches], and the president has elevated cybersecurity in a way that no other has," she said.

The Biden administration is tackling cybersecurity on a number of fronts, Neuberger detailed, many of which either involve industry or could impact how security is managed across sectors. A broad executive order last week seeks to leverage federal purchasing to influence industry trends, revamping basic cybersecurity practices in government agencies and pursuing labeling standards to promote IoT security. In April, Biden signed an order targeting electric utility and grid cybersecurity, expected to be the first of several orders to better address risks tied to integrated computer systems, or ICS.

Biden's Jobs Plan included substantial research and development funding for technology projects, including post-quantum encryption, noted Neuberger in her remarks, as well as funding to create a domestic microchip fabrication industry. And several coordinated efforts from the State Department, Cybersecurity and Infrastructure Security Agency, and law enforcement have also chipped away at the issue. These include globally coordinated efforts to fight ransomware and state-sponsored hacking campaigns.

The goal, said Neuberger is to create a national culture of preparation for the future, rather than waiting for attacks to occur.

"While we must acknowledge breaches will happen and prepare for that, we simply cannot let waiting for the next shoe to drop be the status quo under which we operate," she said. The national security implications of doing so are too grave."

The effort to be more proactive starts with the federal government, said Neuberger, pointing to an effort to modernize internal cybersecurity defenses.

"Following SolarWinds incident response we were confronted by the hard truth that some of the most basic cybersecurity prevention measures weren't systemically rolled out across federal agencies," she said.

The cybersecurity executive order promoted the federal use of zero trust, multifactor identification, testing and endpoint detection and response. It also added basic security standards to software purchased by the government, which Neuberger said would likely improve security across industries as vendors incorporate those best practices across customer sets.

But ultimately the administration's hopes to create a marketplace of security by design that doesn't shift purely based upon the government power of the purse.

"For those of you already following these practices, thank you. And thank you for your leadership. Thank you for investing in security at the beginning of the process, and by extension, investing in national security. And thank you for setting the tone for the community by leading by example," Neuberger said. "You deserve recognition for your commitment to security, and you deserve more than that. You deserve credit in the marketplace. But today, that's hard."

The reason that's hard, she continued, is because neither government nor consumers have visibility into what software is developed securely, and what's not. "So while visibility and accountability are key drivers of software security, we are literally unable to factor them economically into our buying decisions."

The cybersecurity executive order included directives to develop optional security rating labeling for internet-of-things devices, akin to the health department grades that restaurants display. It would provide consumers, and the government, the ability to compare security between products.

Neuberger ended her talk with a call for industry to help in advancing cybersecurity for the good of the country.

"Bolstering the nation's cybersecurity, safeguarding our critical infrastructure and renewing America's advantages broadly are fundamental to the Biden administration's commitment to our national security strategy," she said. "Continued partnership with you, the private sector is critical to achieving these objectives."

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.