In the latest episode of the IoT: The Internet of Threats podcast, host Eric Greenwald is joined by John Banghart, Senior Director for Cybersecurity Services at Venable LLP. With nearly 30 years of experience in the field, John sheds light on the conclusions we can draw from the Biden Administration's National Cybersecurity Strategy, what it means for software makers and their potential liabilities, and the connections between the Strategy, Executive Order 14028, the Cybersecurity Maturity Model Certification (CMMC), and DoJ's Civil Cyber-Fraud Initiative. 


Will the Strategy bring real improvement to cybersecurity?

Most companies want to do the right thing, but they recognize the very real economic pressures involved in building very secure software as opposed to only nominally secure software. While the CMMC has stalled out, Executive Order 14028 and, now, the National Cybersecurity Strategy have emerged on the scene. 

On this episode, Banghart, a leading cybersecurity expert in the healthcare sector, breaks down the road that leads from the Strategy to real improvements in cybersecurity. The Biden Administration's new National Cybersecurity Strategy sets some important goals, but is it enough, and how do we effect real change? Tune in and listen to the conversation.

Do America's companies really want improved cybersecurity?

Companies generally want to do the right thing, but how much liability are they willing to take on, even if it means a greater degree of alignment with NIST's SSDF and safer critical infrastructure, connected autos, and medical devices?

In this short video clip from the latest episode of the IoT: The Internet of Threats podcast, Banghart shares his thoughts on how companies may react to new and more stringent cybersecurity regulation and how it may all pan out in the end. 


Are first-party attestations worth anything? 

Has the passage of this new regulation signaled a sort of death knell for the third-party attestation model proposed by the CMMC? Has the time come for the industry to move forward with models that come with easier passage into law and acceptance by companies?

Will companies take self-attestation seriously enough to ensure the accuracy, validity, and completeness of their assertions? If so, how?

In this short video clip from the latest episode of the IoT: The Internet of Threats podcast, guest John Banghart, Senior Director for Cybersecurity Services, Venable LLP, describes what first-party attestations may look like in the near future. 

Episode Links

In this insightful discussion, Eric and John cover the following topics:

  • Takeaways and conclusions from the Biden Administration's National Cybersecurity Strategy
  • The shifting of cybersecurity liability to software makers and the struggle to enact effective cybersecurity rules
  • How the National Cybersecurity Strategy builds upon Executive Order 14028 and the CMMC
  • How tech companies may approach new cybersecurity regulation (and the safe harbor it may offer)
  • Whether the Strategy's invocation of DoJ's Civil Cyber-Fraud Initiative will compel software vendors to put more scrutiny and time into their cybersecurity attestations 

All episodes of Finite State’s “IoT: The Internet of Threats” podcast can be heard on Spotify, Apple Podcasts, and Google Podcasts.
