The US Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) division announced a final directive this week that requires all individual federal civilian executive branch (FCEB) agencies to “develop and publish a vulnerability disclosure policy (VDP) for their internet-accessible systems and services and maintain processes to support their VDP.”
Identified as the Binding Operational Directive 20-01, this agency-wide initiative is in line with the goal of making 2020 the “year of vulnerability management”, including the focus of making disclosures of vulnerability easier for the public.
Now, aside from a whole lot of acronyms, what exactly does this mean?
The US government is not only underlining the importance of cybersecurity with this, they are saying that the public needs to have easy access to contribute to aiding in making it relevant. This means that agencies need to make it easy for citizens to find and report vulnerabilities and do it in a legal manner. The collaboration component is important here because not only does it open up the conversation, it allows for the removal of the fear factor in being penalized for reporting and also will provide consistency in how the data and information is reported.
Yes, It Is THAT Important
The recognition by the US government to not only make this mandatory for their agencies but also to get public input shows us just how important having strong cybersecurity is. This is not a political, religious, or other divisive topics. We must be unified in our efforts to fend off cyber criminals as a global nation. That should emphasize how important it is to create a strong cybersecurity plan. One that is proactive as well as reactive in the case of a breach. This isn’t a one and done scenario. The changes to how businesses are attacked are ever-changing, and training and learning must be ongoing to provide current information.
As a community, we must work together to fight cybercrime. Otherwise, we could collectively fall to a breach of our information. This will not just affect one person with a stolen identity, but entire businesses may not recover, leading to job loss and a much larger impact. Together we are stronger!