April 6, 2023

In March of 2023, the National Cybersecurity Strategy was released. Lots of pundits opined a day or two after the release; rather than an immediate reaction, it seems best to wait for a news cycle or two to look at the strategy from a better perspective. Well, what better perspective than a person who has worked inside the government, is an attorney, and has some serious credentials in the tech world?
Today, we sat down with Bill Wright, Global Head of Government Affairs at Elastic. The strategy document talks about the importance of infrastructure. Bill Wright comments that 80% of the critical infrastructure in the United States is privately held. One overarching purpose of the document is to try to fill in the security gaps in the private sector.
Bill remarks that the third “pillar” of the document may present the biggest challenge. This is the call for federal privacy legislation. Americans are sensitive to any kind of federal control over-identification. This alone may take three to five years to pass legislation.
"One last piece here in the strategy is a fairly controversial strategy, but I think an important one, and that is to shift the security liability on to the software makers"
Bill Wright, Elastic Tweet
What is new is a shift of security liability to the software makers. The Executive Order is trying to incentivize solutions providers to have basic security built into the offering, instead of the constant bolting on of software packaged to comply with a new initiative. Years of failure have shown how limited this after-the-fact approach is.
Because Bill has decades of experience in technology policy, he can see how some industry groups may balk. The example he gives is members of industrial water systems were not consulted before this mandate.
He ends the interview by stating the obvious: computer networks are now part of the critical infrastructure of the United States. Many of the security recommendations are made with an understanding of the role of CISA in the entire endeavor.
Listen to the interview to get a fresh, new perspective on the new federal mandate.
If you enjoyed this article, you may want to listen to Ep. 55 The Role of Synthetic Data in Software Development

John Gilroy
Has been behind a microphone since 1991. He can help you structure, launch, and promote your company podcast. johngilroy@theoakmontgroupllc.com
Leave a Reply