2023 White House National Cybersecurity Strategy Guidance

Know everything about the Biden-Harris Administration’s call for cybersecurity liability and new investment in critical cybersecurity infrastructure. Get your liability posture ready for the changes with practical resources and tips. Want a free assessment of your software supply chain to ensure you're secure by design? 

Talk to an Expert

National Cybersecurity
Strategy Key Themes

  • Software providers and data owners held responsible under cybersecurity liability

  • Realigned long-term investment in cybersecurity will have a focus on the future

  • A drive to invest in security resilience starts with every digital ecosystem

  • Coordinated vulnerability disclosures and SBOMs are still a best practice. Get your SBOM below.

What is the White House National Cybersecurity Strategy?

The Biden-Harris Administration’s National Cybersecurity Strategy calls to build and mature a digital ecosystem that is more resilient against cyber attacks. The Strategy frames two main fundamental shifts in how the United States will allocate roles, responsibilities, and resources in cyberspace: 

  1. A call for cybersecurity liability and holding software providers responsible
  2. Aligning incentives to favor long-term investments in cybersecurity

 

How does the National Security Strategy impact software development?

The Strategy calls for future change around how organizations create and use software. They need to employ rigorous methods to ‘prevent bad outcomes’ and take full responsibility to protect consumers. 

It also details that liability can’t be pushed off on the “open-source developer of a component that is integrated into a commercial product.” Changing the dynamics of accountability is the only way to drive the proper outcomes, but it’s just the beginning of a much larger shift in secure development. 

Whilst The Strategy recognizes that even a perfect security process can’t guarantee perfect outcomes, vendors should no longer have the ability to disclaim any and all liability. Establishing the concept of safe harbors allows the industry to mature incrementally, leveling up security best practices in order to retain a liability shield, versus calling for sweeping reform and unrealistic outcomes as previous regulatory attempts have.

The White House National Security Strategy also moves to hold accountable companies that collect massive amounts of information and then leave that information open to attackers with little recourse. Without regulation changes, the ramifications of these types of breaches can be huge for consumers, while the resulting lawsuits amount to a rounding error and a cost of doing business for these companies. 

 

How can you Prepare?

Sonatype is in a unique position to help you and your organization get ready.

We are regarded as highly trusted domain experts with unparalleled years of experience in this space. Over the years, we have been invited to advise on government legislation and strategy, including this one. Specifically, secure software development and the open source implications.

Two Key Areas of Preparation:

1. "Incentivize the adoption of secure software development practices", "Secure by Design" and "Secure from the Start"

Sonatype’s Platform helps organizations build secure software by identifying and remediating vulnerabilities early in the development process,enabling companies to ship software with no known open source vulnerabilities, mitigating liability issues down the line.

  • Provides visibility and control over the open source components and third-party dependencies used in software applications.
  • Prevents malware from entering the software development environment, like no other solution on the market
  • Automates security testing and implementing continuous monitoring of software components throughout the development lifecycle.

2. "Promotion of the further development of SBOMs"

An SBOM is a formal list that details the third-party, open source components that make up a software application.

"This is a landmark moment for the industry, signaling a nuanced understanding of the threats and complexity of today’s cyber landscape."
BRIAN FOX
CTO, Sonatype
Sonatype_logo_full_color

Experts discuss software liability and National Cybersecurity Strategy

Tools to help you prepare for liability 

sonatype-firewall-icon-white

Nexus Repository Firewall

Block malicious open source at the door.

sonatype-repository-icon-white

Sonatype Nexus Repository

Build fast with centralized components

sonatype-lifecycle-icon-white

Sonatype Lifecycle

Control open source risk across your SDLC