The Center for Cybersecurity Policy and Law is building a new industry coalition called the Network Resilience Coalition which will focus on increasing the resilience of network hardware and software.
Software and hardware vendors expend significant time and effort to ensure that their networked products and services are developed with security by design and by default. They invest in providing updates and configuration guidance for these products over a period of years extending from initial release until scheduled end-of-life. Network operators expect and depend upon the reliability, uninterrupted availability, security, and resilience of these critical technologies. Upgrades, patching, configuration, and maintenance—even where necessary to address known exploitable vulnerabilities—can impose costs and risks of disruption, which must be minimized. The resulting tension between the imperative to operate the network and the need to maintain it can, over time, yield a security deficit.
Additionally, threat intelligence organizations in both government and industry have identified a significant escalation in nation-state sponsored campaigns targeting these known exploited in vulnerabilities in critical infrastructure networks, which underscores the urgency of a coordinated multi-stakeholder response.
The Network Resilience Coalition has formed out of a desire to address these issues in an open and collaborative way, and to help usher in a new paradigm of network hardware and software resilience. The work will foster an open and candid dialogue about the roles, expectations, and responsibilities of technology providers, security experts, network operators, and government leaders and yield real-world solutions to dramatically improve the security postures of the information and telecommunications networks that support our economic and national security.