In the report, the committee identified six key concepts and priorities, noting, “The identification of these principles shaped the subcommittee’s approach to cybersecurity and guided subsequent work. As each of these concepts emerged, the subcommittee began exploring and analyzing possible strategies for addressing them.”
In addition to recognizing that there will always be unknowns and that it’s impossible to protect what you don’t know you have, the committee also realized that software is no longer written but assembled. As a result, there must be a common cybersecurity language, which was the fourth concept. The remaining two concepts read, “Digital assets age faster and less predictably than physical ones. Cybersecurity takes a ‘whole-of-society’ approach.”
As the committee attempted to answer the question, “If traditional IT strategies have proven ineffective, what can organizations do to better strengthen their cybersecurity capabilities?” identifying these six concepts led it to outline six priorities:
Priority 1: The widespread adoption of coordinated disclosure programs.
Priority 2: The implementation of software bills of materials across connected technologies.
Priority 3: The support and stability of the open-source software ecosystem.
Priority 4: The health of the Common Vulnerabilities and Exposures (CVE) program.
Priority 5: The implementation of supported lifetimes strategies for technologies.
Priority 6: The strengthening of the public–private partnership model.
“Cybersecurity has become a priority for all Americans – from government and military leaders and corporate executives to small-business owners and everyday families,” said Rep. Greg Walden of Oregon, according to KTVZ.com. “That’s why we must take steps to strengthen our ability to confront the threats facing the internet and connected technologies that we are increasingly dependent on.
“This latest report outlines a strategy that, based on the significant body of work the Energy and Commerce Committee has already completed, would elevate cybersecurity capabilities across all sectors. We’ve had real bipartisan success in pursuing several of these policies at the committee, and I look forward to working across the aisle in the upcoming session of Congress to continue this vital work.”