WebProNews

Tag: Kemba Walden

  • Biden Administration Prepares to Regulate Cloud Security

    Biden Administration Prepares to Regulate Cloud Security

    The Biden Administration is preparing to regulate cloud security, viewing the industry as too great a security risk to ignore.

    Cloud computing has become an increasingly integral part of daily life for companies, government organizations, and individuals alike. There’s hardly any aspect of daily life that isn’t touched by the cloud in some way. That ubiquity is a source of concern, especially with the growing number and scope of cybersecurity threats.

    According to Politico, the Biden Administration now views the cloud industry as “too big to fail” and is beginning the process of regulating cloud computing security.

    The industry has “become essential to our daily lives,” Kemba Walden, acting national cyber director, told Politico. “If it’s disrupted, it could create large potentially catastrophic disruptions to our economy and to our government.”

    Industry veterans echoed those concerns.

    “A single cloud provider going down could take down the internet like a stack of dominos,” said Marc Rogers, chief security officer at Q-Net Security and former Cloudflare head of information security.

    Unfortunately while companies have raced to deploy cloud platforms and services, cloud security has often lagged behind, leaving organizations and individuals vulnerable. Even worse, critical infrastructure has come under attack as a result of cloud security lapses.

    “The reality is that today cloud security is often separate from cloud,” said Anne Neuberger, the deputy national security adviser for cyber and emerging technology. “We need to get to a place where cloud providers have security baked in with that.”

    Her sentiments echo those of Google executives, who recently penned a blog post calling for companies to be held accountable for cybersecurity:

    “The bottom line: People deserve products that are secure by default and systems that are built to withstand the growing onslaught from attackers,” the executives wrote.

    The Biden Administration agrees:

    “In the United States, we don’t have a national regulator for cloud. We don’t have a Ministry of Communication. We don’t have anybody who would step up and say, ‘It’s our job to regulate cloud providers,’” said Rob Knake, deputy national cyber director for strategy and budget. The cloud, he said, “needs to have a regulatory structure around it.”

  • National Cyber Strategy Puts Cybersecurity Burden on Big Tech

    National Cyber Strategy Puts Cybersecurity Burden on Big Tech

    The White House unveiled its National Cyber Strategy, shifting the burden of providing security from individuals to Big Tech.

    Cybersecurity has become a major issue for individuals, businesses, and government agencies, with hardly a day going by without disclosure of another data breach. According to CNBC, a key component of the new strategy is putting the burden of protection on Big Tech, the segment best equipped to address security issues.

    “The president’s strategy fundamentally reimagines America’s cyber social contract,” Acting National Cyber Director Kemba Walden said during a press briefing on Wednesday. “It will rebalance the responsibility for managing cyber risk onto those who are most able to bear it.”

    Walden added, “the biggest, most capable and best-positioned actors in our digital ecosystem can and should shoulder a greater share of the burden for managing cyber risk and keeping us all safe.”

    The strategy document emphasizes the importance of the public and private sectors working together:

    The most capable and best-positioned actors in cyberspace must be better stewards of the digital ecosystem. Today, end users bear too great a burden for mitigating cyber risks. Individuals, small businesses, state and local governments, and infrastructure operators have limited resources and competing priorities, yet these actors’ choices can have a significant impact on our national cybersecurity. A single person’s momentary lapse in judgment, use of an outdated password, or errant click on a suspicious link should not have national security consequences. Our collective cyber resilience cannot rely on the constant vigilance of our smallest organizations and individual citizens.

    Instead, across both the public and private sectors, we must ask more of the most capable and best- positioned actors to make our digital ecosystem secure and resilient. In a free and interconnected society, protecting data and assuring the reliability of critical systems must be the responsibility of the owners and operators of the systems that hold our data and make our society function, as well as of the technology providers that build and service these systems. Government’s role is to protect its own systems; to ensure private entities, particularly critical infrastructure, are protecting their systems; and to carry out core governmental functions such as engaging in diplomacy, collecting intelligence, imposing economic costs, enforcing the law, and, conducting disruptive actions to counter cyber threats. Together, industry and government must drive effective and equitable collaboration to correct market failures, minimize the harms from cyber incidents to society’s most vulnerable, and defend our shared digital ecosystem.

    The National Cyber Strategy echoes sentiments voiced by Google, in which the company threw its support behind companies being held responsible for cybersecurity. Google also emphasized the need for companies to build systems that are fundamentally more secure — rather than offloading that burden on the average user.