Return to blog index

National Cybersecurity Strategy - 4 key takeaways

The White House just released a new National Cybersecurity Strategy. What does this mean for business owners, especially those regulated by rigid compliance frameworks? Our Director of Business Development, Matt, breaks it down.

Posted on · Last updated on

Hi, my name is Matt Mulcahy and I’m the Director of Business

Development at ProSource.

Today, I wanted to touch on the National Cybersecurity Strategy,

a strategy that was released by the White House last week.

They released this document: about 40 pages.

I read the entire thing, and I want to touch on four points

that really resonate with me. So let’s hop into it.

The first point

is touching on harmonizing and streamlining new and existing regulation.

This is huge.

Many regulatory frameworks are pushed by the federal government.

You have NIST, you have CMMC,

you have HITECH, you have HIPAA, you have the safeguard rules.

All of these federal frameworks overlap in some way.

It’s very frustrating, especially when you’re a business

that might have to adhere

to two different frameworks. If you’re in the health sector,

but you’re also dealing with financial information:

What do you prioritize first?

Do you prioritize HIPAA, HITECH, PCI, the safeguard rules?

It’s very confusing.

There’s not a lot of clear direction,

and it’s all coming from the federal government.

So this is great to see that they understand

there’s a problem here and they’re working to harmonize all of these

different regulatory frameworks across the federal government.

The second point here is holding the stewards of our data accountable.

If you’re entrusted with data that is sensitive,

you need to be held accountable.

If you have health information, if you have financial information,

if you have DOD schematics for the next-generation fighter pilot,

you need to build systems that are secure in order

to store that data and transmit it in a way that cannot be compromised.

We’ve seen a proliferation of supply chain attacks, and I believe this is directly

correlated to that type of threat against the federal government.

The next point here is

shifting liability for insecure software products and services.

Anyone can develop an app nowadays.

Anyone can push something

to the iOS marketplace, push something to the Windows Store.

Takes a little bit of money, and a little bit of competence to get it done,

but it doesn’t mean that that is safe and secure to use in your business.

You need to make sure people are following secure coding best practices,

and in order to do that, you need to incentivize and you also need to punish.

You can’t just do one or the other.

We see that that does not work.

This is what is happening today and it’s a problem.

And they’ve spotlighted this for a reason.

So very happy to see that, you know, people would be held

a little more accountable

for the applications they’re building and pushing consumers to use.

The fourth point is talking about the gigantic

cybersecurity shortfall we have right now when it comes to labor.

We don’t have enough cyber-skilled cybersecurity talent in the U.S.

to meet the demand.

We are a managed security services provider.

So we fill that gap for a lot of organizations.

But even we have trouble hiring talent.

This is a problem for everybody.

So it’s nice to see that they’re taking an aggressive approach,

hoping to train the next generation of cybersecurity talent

because none of this succeeds without adequate talent

to support all the initiatives that they are pushing.

I thought this is a great first step.

We’ll see how fast and agile this type of framework and approach will prove to be.

I’m very anxious to see good changes pushed down the pipe and

more secure

businesses being built and grown day by day.

But it’s a good first step and I’m looking forward to tracking this as we go

and hopefully posting more update videos as more updates are made available.

If you have any other questions, feel free to reach out to us.

You can DM us in the comments below

or just leave a message and a like if you liked the video.

Once again, my name is Matt.

I’m the Director of Business Development at ProSource. Have a great day.

Speak with an IT expert

Schedule a free, 30-min consultation with one of our IT experts — if, after the call, you didn’t get any value, we’ll buy you a coffee!

Check out our resource library

We’re always adding new content to our digital library. Our blog articles, guides, and customer stories cover a broad spectrum of topics like emerging tech, industry-specific regulations, and security best-practices — just to name a few.