Hi, my name is Matt Mulcahy and I’m the Director of Business
Development at ProSource.
Today, I wanted to touch on the National Cybersecurity Strategy,
a strategy that was released by the White House last week.
They released this document: about 40 pages.
I read the entire thing, and I want to touch on four points
that really resonate with me. So let’s hop into it.
The first point
is touching on harmonizing and streamlining new and existing regulation.
This is huge.
Many regulatory frameworks are pushed by the federal government.
You have NIST, you have CMMC,
you have HITECH, you have HIPAA, you have the safeguard rules.
All of these federal frameworks overlap in some way.
It’s very frustrating, especially when you’re a business
that might have to adhere
to two different frameworks. If you’re in the health sector,
but you’re also dealing with financial information:
What do you prioritize first?
Do you prioritize HIPAA, HITECH, PCI, the safeguard rules?
It’s very confusing.
There’s not a lot of clear direction,
and it’s all coming from the federal government.
So this is great to see that they understand
there’s a problem here and they’re working to harmonize all of these
different regulatory frameworks across the federal government.
The second point here is holding the stewards of our data accountable.
If you’re entrusted with data that is sensitive,
you need to be held accountable.
If you have health information, if you have financial information,
if you have DOD schematics for the next-generation fighter pilot,
you need to build systems that are secure in order
to store that data and transmit it in a way that cannot be compromised.
We’ve seen a proliferation of supply chain attacks, and I believe this is directly
correlated to that type of threat against the federal government.
The next point here is
shifting liability for insecure software products and services.
Anyone can develop an app nowadays.
Anyone can push something
to the iOS marketplace, push something to the Windows Store.
Takes a little bit of money, and a little bit of competence to get it done,
but it doesn’t mean that that is safe and secure to use in your business.
You need to make sure people are following secure coding best practices,
and in order to do that, you need to incentivize and you also need to punish.
You can’t just do one or the other.
We see that that does not work.
This is what is happening today and it’s a problem.
And they’ve spotlighted this for a reason.
So very happy to see that, you know, people would be held
a little more accountable
for the applications they’re building and pushing consumers to use.
The fourth point is talking about the gigantic
cybersecurity shortfall we have right now when it comes to labor.
We don’t have enough cyber-skilled cybersecurity talent in the U.S.
to meet the demand.
We are a managed security services provider.
So we fill that gap for a lot of organizations.
But even we have trouble hiring talent.
This is a problem for everybody.
So it’s nice to see that they’re taking an aggressive approach,
hoping to train the next generation of cybersecurity talent
because none of this succeeds without adequate talent
to support all the initiatives that they are pushing.
I thought this is a great first step.
We’ll see how fast and agile this type of framework and approach will prove to be.
I’m very anxious to see good changes pushed down the pipe and
businesses being built and grown day by day.
But it’s a good first step and I’m looking forward to tracking this as we go
and hopefully posting more update videos as more updates are made available.
If you have any other questions, feel free to reach out to us.
You can DM us in the comments below
or just leave a message and a like if you liked the video.
Once again, my name is Matt.
I’m the Director of Business Development at ProSource. Have a great day.