CISA Director Jen Easterly delivered a blistering speech Monday warning that technology providers have “normalized the deviant behavior of operating at the bleeding of the accident boundary.”
Why it matters: The speech was delivered as the Biden administration prepares to unveil a new National Cybersecurity Strategy that will lay out initiatives intended to improve cybersecurity protections across the country and is expected to emphasize critical infrastructure and private sector collaboration.
- The U.S. faces cyber intrusion constantly: Easterly says cyber intrusions happen every day, but they are rarely publicized despite the harm they cause.
- Easterly called for legislation that would prevent technology manufacturers from removing all liability for vulnerabilities from contracts — the kind of user terms of service that most customers simply click past without reading.
- Easterly noted that the U.S. has a multibillion-dollar cybersecurity industry because companies have not been incentivized to embed their products with cybersecurity features from the beginning.
- The speech called for developers to use more secure coding languages like Python, Java, and Go instead of C and C++, which allow several classes of vulnerabilities to be introduced. Companies like Mozilla, Apple, and Dropbox were applauded for actively seeking to embed security within products.