GUEST VIEW: New cyber security law is a step in the right direction
Reason may have begun to find its way back into America’s heated national conversation about cyber security. In late December, President Trump signed into law the Federal Acquisition Supply Chain Security Act of 2018. This bipartisan legislation marks a welcome departure from the ineffective practice of blocking specific companies on the basis of unsubstantiated assertions that they are national security threats. Instead, it adopts the far more sensible approach of creating a process for managing risks to the networks that serve federal government agencies or support critical U.S. infrastructure.
Banning individual companies has never been a good way to guard against cyber threats. It is far more effective to establish a comprehensive framework for identifying and addressing risks from all technology vendors. Malicious actors (including motivated and well-resourced nation states) can exploit vulnerabilities in global supply chains by virtual means, surreptitiously implanting malware and hidden functionality in digital networks and launching attacks, or disrupting service, however and whenever they choose.
They do not need physical access to network equipment to accomplish these goals; vulnerabilities in the global supply chain and in operational networks give them all the openings they need. Any technology vendor can be compromised, from any geographic location.
For that reason, it is necessary to implement regular, comprehensive testing for higher-risk systems such as those that perform key functions in critical parts of the finance, telecommunications or energy sectors and are therefore essential to national security or deliver essential government services. Critical components and software in these and other high-risk systems should be checked extensively before being deployed. Such an approach would greatly reduce the risk of a nationally significant cyber breach or attack.