 Industry Guidance Needed to Implement Cyberstrategy, Officials Say at BSA Event

Enterprise software companies will help shape the implementation of the National Cyber Strategy, leaders from BSA | The Software Alliance, the Office of the National Cyber Director, and the Federal CIO said at an event hosted on March 22.

BSA hosted member companies, industry stakeholders, and media for an event covering the third pillar of the cyber strategy, which focuses on security and resilience through procurement policies and secure software.

The event in particular offered some emerging clarity for how US officials might build out a “safe harbor” for software developers who can demonstrate having utilized secure development practices such as those published by NIST, or BSA’s own Secure Software Framework.

The program included an introduction by BSA VP of Global Public Affairs Michael O’Brien before BSA VP of US Government Affairs Craig Albright joined Anjana Rajan, Assistant National Cyber Director for Technology Security from ONCD, for a conversation about key takeaways from Pillar 3 – drawing in part from Rajan’s private sector experience as a chief technology officer before joining government.

BSA Director of Policy Henry Young then led a conversation with Nick Lieserson, Assistant National Cyber Director for Policy and Programs from ONCD, and Mitch Herckis, head of cybersecurity for the Federal CIO, about how to implement the strategy.

The event earned coverage in Politico Pro’s Morning Cybersecurity (for subscribers) and Inside Cybersecurity, both of which noted the emphasis by US government speakers on wanting to engage with organizations like BSA and software developers to craft policies to further the security of products. Specifically, Lieserson said that secure software frameworks of the sort published by BSA or by NIST could form the basis for a liability “safe harbor” for companies that can prove they have met high development standards.

Establishing those standards through procurement and other policymaking venues requires substantial industry input, the government speakers said. They noted that industry input is also needed to help harmonize US regulations and ultimately square different US cybersecurity standards with other global rules. BSA will continue to engage with ONCD and other relevant agencies – along with lawmakers on Capitol Hill – to help advance thoughtful policies that improve the digital ecosystem.
