As we begin the holiday season, the Center for Cybersecurity Policy & Law staff would like to take a few words to say what we are thankful for in cybersecurity this year.
“I’m grateful for Kevin Stine and the Applied Cybersecurity Lab at the National Institute of Standards and Technology (NIST). Every new area, including new efforts on FedRAMP, seems to include them with no increase in budget or staff, but they do the work and do it well. They don’t complain, but they do deserve a lot more credit than they get.”
- Ari Schwartz, Coordinator
“The explosion in conversation about Artificial Intelligence has accomplished something important: people have a better understanding of how AI is already used to augment cybersecurity defenders. I was worried about how to help policymakers understand the importance of automated systems and scoring, but the conversation has moved quickly, and people understand both the importance of AI for cybersecurity – and the potential for it to be even more useful as we learn how to train and use it in new contexts.”
- Heather West
“I am thankful that someone in government is taking the idea of regulatory harmonization seriously.”
- Ross Nodurft & John Banghart
“Looking back on 2023, I’m thankful that privacy risk management is gaining more traction and becoming a meatier course with less stuffing. The marshmallow topping on the privacy sweet potato soufflé would be greater adoption of risk management tools like the NIST Privacy Framework.”
- Jamie Danker
“As we celebrate Thanksgiving, I want to express my gratitude to every member of the Digi Americas Alliance and LATAM CISO Network. Your insights and dedication to our cybersecurity and digital policy initiatives have been invaluable. This year, we’ve seen remarkable teamwork, and I am excited about what we will achieve together in the future. It’s your commitment that drives our success and forges our path forward. Thank you for being an integral part of our journey!”
- Belisario Contreras
“I’m thankful for all the defenders out there.”
- Harley Geiger
“I’m thankful that we’re seeing like-minded governments increasingly share best practices with one another, and even looking at ways to align cyber policies.”
- Alex Botting
“I am thankful for the government officials who are working to align the needs for enhanced cybersecurity capabilities with the public sector’s access to and adoption of innovative technologies.”
- Grant Schneider
“I am thankful for all of the state and local officials who keep the government moving, despite never having enough time, money, or staff.”
- Dan Wolf
“I am thankful for the work being done by the NIST on digital identity. The new Digital Identity Guidelines (800-63-4) may be taking longer than anticipated but they’re taking the time to make sure it’s done right. Additionally, I am very excited about the online use case project for mobile driver licenses at the National Cybersecurity Center of Excellence and think it will be valuable in moving a robust digital identity ecosystem forward in the U.S.”
- Zack Martin
"As I look back on 2023, I’m thankful to be attending cybersecurity conferences and events in-person. RSA, CyberNext, and other events are a great space to share ideas and discuss the current state and future of cybersecurity. The collaborative nature of cybersecurity is one of the best parts of being in this industry, and I’m glad to be able to participate in discussions face-to-face once again."
- Bri Law
“I am thankful for the ongoing work by the NIST Open Security Controls Assessment Language (OSCAL) team and the broader OSCAL industry community for leading the way towards a world of automated compliance management. Their continued success is a testament to the utility and strength of public-private partnerships, and to the need for more efficient compliance processes across multiple domains.”
- Stephen Banghart
"I am thankful for the passion, dedication, and expertise of the Privacy Workforce Public Working Group (PWWG) team leads and volunteers. Their collective commitment shines brightly as they work collaboratively to build off of the NIST Privacy Framework, empowering organizations to cultivate a workforce equipped to navigate privacy risks effectively."
- Ivy Orecchio
"I am grateful for the March 2023 Executive Order to Prohibit U.S. Government Use of Commercial Spyware that Poses Risks to National Security. The EO imposed rules limiting the acquisition and deployment of hacking tools from vendors whose products have been linked to human-rights abuses or are deemed to pose counterintelligence/national security risks to the U.S. It also limits the purchasing of tools if they are sold to foreign governments considered to have poor records on human rights. While just a starting step, the EO sets a foundation for us and other democracies to create better policy, safeguards, and law around the proliferation of incredibly powerful spyware."
- Ines Jordan-Zoob
“I am thankful for all the continued efforts to strengthen and improve diversity in cybersecurity. As an Indian woman pretty early off in my career, it can be hard not to see someone like me at the table. However, with continued investments, pledges by countless companies, the first ever National Cyber Workforce and Education Strategy, I’m hopeful that more underrepresented people are represented in this space. Thank you to all those who work tirelessly on this issue - it never goes unnoticed and I’m grateful for you every day.”
- Tanvi Chopra
“I am thankful for all the work that has been done, at all levels of government and at schools and universities, to bolster the cyber workforce this year. From efforts to increase diversity in cybersecurity to the development of skilling, reskilling, and upskilling programs to incorporating cybersecurity lessons at the K-12 level, these are all vital steps in closing the cybersecurity workforce deficit. It has also been great to see a push to make cybersecurity more interdisciplinary since cyber touches so many different areas, many with their own unique cybersecurity needs.”
- Alice Hubbard
"This year, I am thankful for all the efforts made to strengthen the cybersecurity resiliency of K-12 schools! Following the 'Back to School Safely: Cybersecurity Summit for K-12 Schools' at the White House, the Biden Administration announced a number of efforts related to this initiative, including a set of educational briefs recommending best security practices. This focus has meant a lot to me as my mother is a public school teacher in addition to my siblings and cousins who are currently going through our nation's public education system. It has been reassuring to see our country recognize education infrastructure as critical infrastructure, and proactively take steps to ensure a safe and resilient education for our nation's youth."
- Alexis Steffaro
“As a born and raised Rhode Islander, I am grateful for former Congressman Jim Langevin, who retired this year after serving 22 years in the House of Representatives. Over the course of his tenure, the Rhode Island Congressman spearheaded countless cybersecurity initiatives, such as authoring legislation to create the Office of the National Cyber Director (ONCD) in the White House and co-founding the Congressional Cybersecurity Caucus. His presence on Capitol Hill will be missed by Rhode Islanders and cybersecurity professionals alike.”
- Luke O’Grady