Cybernews

© 2021 CyberNews - Latest tech news, product reviews, and analyses.


White House proposes new cybersecurity ratings system

by Adi Gaskell
18 March 2021
in Security

It’s hard to remember a time when such venerable pieces of infrastructure have been so affected by security vulnerabilities. Firstly, enterprise software vendor SolarWinds issued a warning to its 300,000 customers that security vulnerabilities could allow attackers to take control of their systems.

The vulnerabilities in its Orion and Serv-U FTP packages followed hot on the heels of news in December that the company had been hacked in a suspected Russian attack.

This was then followed by the exposure of a number of zero-day vulnerabilities in Microsoft Exchange Server, which have been actively exploited by a state-sponsored group backed by China.

The SolarWinds attacks alone were estimated to have affected around 18,000 organizations globally, and so the scale of the impact from these enterprise-level attacks is considerable.

Government response

It’s perhaps no surprise, therefore, that in a recent press call, the new Biden administration spoke about the potential for a new cybersecurity rating system to provide enhanced visibility into the security aspects of popular hardware and software solutions.

“Mayor Bloomberg, a number of years ago, when he wanted to address restaurant sanitation, he realized, you know, the health department kept rating restaurants, and it just wasn’t changing anything. So he required restaurants to put a simple rating — A, B, C, D — in their front window to make a market — to make a market around health and sanitation,” they explain.

“And we’re looking to do a very similar thing with cyber and the cybersecurity of software companies we buy software from.”

The White House also explained that it is taking inspiration from Singapore, where cybersecurity standards are provided for a range of different Internet of Things devices. For instance, parents could buy a connected baby monitor and be able to understand how secure the product is before buying it. It’s an approach that is not present in the United States at the moment, but there are plans afoot to announce something in the coming weeks to place the country on that path.

Cybersecurity Labelling Scheme

A voluntary program had already been launched in Singapore back in October of last year, but to date, only smart home hubs and Wi-Fi routers have been evaluated. The Cybersecurity Labelling Scheme (CLS) aims to improve upon that by incorporating a much wider range of consumer devices, including smart lights, IP cameras, smart printers, and smart door locks. The hope is that this will improve cybersecurity hygiene across the nation.

The CLS incorporates four tiers of cybersecurity support, ranging from basic password protections and regular security updates at the bottom level to those products that have undergone rigorous third-party security testing at the top end.

The Singapore government hopes that the scheme provides consumers with a basic level of security assurance. It’s something that the US government hopes to be able to replicate in some form in the coming weeks, with the recent high-profile attacks underlining the importance of improving cybersecurity across the country.

Improving security

There were nine federal agencies compromised by the SolarWinds hack, with the government explaining that technology would be rapidly rolled out to plug the specific gaps identified in the attacks. These solutions will then be rolled out more widely across the federal government, as the government aims to ensure not only that the networks and systems are secure but also that there can be visible trust in those systems that are operating on behalf of the public.

There is a clear desire to limit the cost of incident response across the government, and so the White House said that it will be encouraging agencies to prioritize the use of products, applications, and services that have cybersecurity built in from the outset. Officials hope that clearly stating this ambition will not only support agencies in securing their systems but also create a clear market across the private sector for secure technologies.

“[We’re] thinking through rebooting the approach to software security, rebooting the approach to software security standards, and trying to get to a goal we have: that the level of trust we have in our systems is directly proportional to the visibility we have to their cybersecurity,” officials explained. “The level of that visibility needs to match the consequences if those systems fail.”

The cybersecurity rating system is an idea that has been advocated not only by a number of industry groups but also by the bipartisan Cyberspace Solarium Commission. If such ratings become law, however, they would not only help to make a market for cybersecure products but also showcase the renewed focus the government is putting on the security of digital infrastructure.
