CISA Urges Better Software Security As The Cyber Threat Landscape Continues To Rise

As threats grow, CISA's draft report recommends that critical infrastructure adopt the Secure by Design practices and support open source software security.

With Chinese cyber threats escalating, the Cybersecurity and Infrastructure Security Agency (CISA) has cautioned on the 'enhancement of critical infrastructure security.' In the wake of a draft report released by its Cybersecurity Advisory Committee (CSAC), the emotions have risen over the alarming reality that the US is ill-equipped for the cyber war coming from external governments labeled as enemies.

CSAC Chair on the importance of putting the nation’s infrastructure’ Civil Defense war footing. The document contains recommendations for additional assistance to such small systemic-important entities and efforts to evaluate the performance of threat advisories delivered by CISA, especially those concerning Chinese-sponsored actors like Volt Typhoon.

In order to improve application quality, the report encourages software developers to adopt the "Secure by Design" principle. The subcommittee chair, George Stathakopoulos, says there is no legal requirement to do it and that companies don't have an incentive to put security first in their software design.

The document also highlights the importance of having more “curators” to look after and carry out patches on open source software projects due to the high percentage of proprietary applications (80-90%) that incorporate open source software. It is recommended that CISA explore the option of designating an agency to responsible for the security of open source software within the federal and state governments.

The recommendations were endorsed by all the members of the CSAC for submission to CISA Director Jen Easterly demonstrating that there are measures in place to advance U.S. cyber protective systems.