As you chart your company’s cybersecurity path and prioritize your initiatives, it’s important to maintain a clear view of the regulatory landscape. There’s been a lot going on recently, including a new national policy introduced by the White House. What does it mean and how does it impact your business?
New National Cybersecurity Strategy unveiled
If you look at everything that’s happening with the federal government, and this administration specifically, it’s crystal clear that every sector of the economy is ultimately likely to have mandatory minimum cybersecurity requirements.
In fact, on March 2, the President released the National Cybersecurity Strategy that calls for “expanding the use of minimum cybersecurity requirements in critical sectors to ensure national security and public safety, and harmonizing regulations to reduce the burden of compliance.”
The new strategy definitively states that regulation is how they’re going to solve the issue of cybersecurity. It states, “Where federal departments and agencies have gaps in statutory authorities to implement minimum cybersecurity standards and mitigate related market failures, the administration will work with Congress to close them.”
This tells us very clearly that the government is going to use its authority to close the gaps, and where it doesn’t currently possess the authority, it is going to secure it.
Moving forward and what this means for you
Regardless of the timeframe for CMMC, the writing is on the wall. While you may have seen news of CMMC’s delay, bear in mind that the law has been on the books since 2015. The deferment provides a slight reprieve, giving you more time to meet those requirements.
The good news is that the government gave companies in the defense industrial base the answers to the test in 2017, when they spelled out cybersecurity minimums in NIST 800-171. Timelines and delays are a distraction. We need to focus on the work that needs to be done.
The cost of implementing these cybersecurity requirements is simply becoming a cost of doing business with the DOD. Back in the day, car manufacturers complained about having to include airbags and seat belts, decrying the mandate as increasing their costs to the detriment of sales. Eventually the cost was passed on to consumers. In the case of cybersecurity, the cost will be passed on to the government, and ultimately on to all of us.
The time is now
As I recently wrote for The Hill, the absence of regulation and lack of enforcement for the few cybersecurity requirements that do exist have resulted in immeasurable theft of intellectual property and untold damage to national security. Mandatory minimums can help America start winning in cyberspace. The time is now. Contact CyberSheath to get started.