World News
CISA’s security-by-design initiative is at risk: Here’s a path forward on July 29, 2023 at 12:30 pm
The Biden administration’s 2023 National Cybersecurity Strategy identified structural shortcomings in the state of cybersecurity, calling out the failure of market forces to adequately distribute responsibility for the security of data and digital systems. Most prominently, the strategy seeks to “rebalance responsibility [for security] to those best positioned.”
Shortly after the strategy’s launch in March of this year, the Cybersecurity and Infrastructure Security Agency (CISA) kicked off an effort to “shift the balance of cybersecurity risk” by pushing firms to adopt security-by-design (SbD) practices, improving the safety and security of their products at the design phase and throughout their life cycle.
CISA director Jen Easterly’s announcement of these efforts appears to put CISA at the forefront of this rebalancing, addressing technology vendors’ incentives to underinvest in security through changes in how those firms design and deploy the products they sell. As the first substantive proposal from President Biden’s administration to effectuate this rebalancing since the launch of the strategy, the success or failure of the SbD initiative could be a bellwether for one of the strategy’s two fundamental ideas.
Success with SbD is at risk, however, both from the political challenges of implementing SbD practices and the threat of unrealistic expectations. This piece addresses both and highlights a path forward.
Political and structural headwinds
The politics of SbD implementation — which implicitly require a capacity to compel change in vendor practices, as well as the insight to design them — are treacherous ground for CISA, as the fast-growing agency is not a regulator. In time, it might become one, but current and past leadership insist that such responsibilities would be at odds with agency culture and its operational responsibilities.
The agency’s ability to support, build capacity, train, coordinate, and plan together with state, local, tribal and territorial entities, and industry stakeholders is rooted in its disposition as a trusted partner and neutral convener.
This means CISA should be only one of several federal agencies working to implement SbD, with cooperation from regulators like the Federal Trade Commission (FTC), a sharp and pointy complement to CISA’s open-handed approach. Otherwise, the SbD initiative could place CISA in a bind, trying to fix entrenched market incentive problems but without the ability to compel companies to act differently. CISA efforts to create accountability might undermine its attempts to generate goodwill.
Developing and defining a set of SbD practices that vendors can attest to, and that the U.S. government and other parties can verify or enforce, is a tremendous undertaking in and of itself. CISA must build SbD practices alongside an architecture for enforcement that sets clear roles for entities like the FTC, the Department of Defense, the Securities and Exchange Commission, and the General Services Administration.
The White House has responsibility here, too, and specifically the Office of the National Cyber Director, to guide this multi-agency effort within a strategy to manage the industry politics of shifting the incentives in this market — precisely what the office was designed, staffed, and organized to do. CISA’s focus must remain on enumerating and updating the essential SbD practices.
Just one piece of the puzzle
As we have argued before, “no strategy can address all sources of risk at once, but . . . silver bullets often trade rhetorical clarity for crippling internal compromises.” The SbD program could achieve deep, meaningful changes in how some of the largest technology vendors build services and products. Those changes would have material benefits for the security of every technology user.
However, cajoling all firms toward a comprehensive and uniform set of best practices is a fundamentally incompletable task.
Malicious actors perpetually seek new means of exploit; different sectors and system classes face different and unique challenges; and new technologies are prone to modes of failure, both new and unforeseen. Adopting certain new processes, rigorously enforcing them, and fixing existing incentives would still be a much-needed improvement over the current status quo.
However, adopting memory-safe languages or pushing large actors toward better risk management would not necessarily have prevented many significant vulnerabilities in recent memory, such as Log4Shell. To succeed, CISA will also need to understand how large technology companies build products and services — current industry practice is far from complete or perfect, but it is the baseline from which SbD hopes to drive change. Understanding that baseline is critical.
There is danger when rhetoric around shifting responsibility in cyberspace suggests that cybersecurity problems and challenges exist only because technology vendors cut corners or that all cybersecurity risk can be avoided by following a simple set of straightforward practices. The increasingly interconnected, dependent nature of software systems, as well as the variety of organizations and systems they connect to, creates risks all its own.
SbD is an important piece of managing this — the status quo of responsibility deferred to the user is broken — but describing SbD as a panacea risks creating backlash when insecurity inevitably persists.
It is clear CISA recognizes that success in SbD could be one of the most impactful policy interventions in cybersecurity in the last decade. It is also clear that the program, even in its most successful incarnation, will leave some problems unsolved. Specificity about the scope and goals of the program will help prevent its inevitable critics from distorting the debate into all-or-nothing terms.
Risk and opportunity
SbD — the first policy manifestation of the National Cybersecurity Strategy’s effort to shift responsibility — will not come about by sheer goodwill alone. CISA is not a regulator, and it must define a path for federal agencies that are regulators so that the implementation of SbD leverages the broader standards setting, enforcement, and regulatory powers of the federal government.
Shying away from direct government enforcement of these security practices risks consigning the effort to history, alongside many other “voluntary” and “industry-led” programs.
The growing and talented team at CISA have 18 months until January 2025, which will bring either the paralyzing tumult of transition or the still-chaotic maturation of a first-term administration into a second. The largest vendors that would participate in this program are not going anywhere and can afford to wait.
In this sense, CISA and the wider U.S. government’s cyber policy apparatus is on the clock. CISA must focus on the essential elements of SbD and organize, build, and engage with a clear deadline in mind. The clock is ticking.
Success with security-by-design is at risk, both from the political challenges of implementation and the threat of unrealistic expectations.
Business
GLOBAL SUSTAINABILITY SUMMIT RETURNS FOR ITS 5TH EDITION AT THE BRITISH PARLIAMENT – HOUSE OF LORDS, PALACE OF WESTMINSTER
FOR IMMEDIATE RELEASE
Theme: “People, Planet, and Profit in the Age of AI and Innovation”
London, United Kingdom — The Global Sustainability Summit (GSS) is officially back for its landmark 5th Edition, continuing its legacy as one of the leading international platforms driving sustainable development, climate action, ethical investment, innovation, and global collaboration.
Convened annually at the prestigious British Parliament, House of Lords, Palace of Westminster, by Ambassador Canon Chinenem Otto, the Summit has, over the last four years, successfully fostered international dialogue and partnerships that have contributed to the advancement of global sustainability goals, the establishment of sustainability-focused ministries, departments and policy structures across national and subnational governments, and the attraction of major investors into sustainable development projects, corporations and emerging economies.
This year’s summit, themed “People, Planet, and Profit in the Age of AI and Innovation,” will explore how emerging technologies, responsible leadership, sustainable finance, innovation, and global partnerships can shape a more inclusive, resilient and environmentally conscious future.
The 5th Edition promises to be the most impactful yet, bringing together world leaders, policymakers, diplomats, investors, academics, innovators, climate experts and youth leaders from across the globe to discuss actionable solutions toward achieving a sustainable and equitable future.
Among the distinguished speakers, delegates and honorees already lined up for the Summit are:
• His Excellency Mallam AbdulRahman AbdulRazaq — Executive Governor of Kwara State, Nigeria and Chairman of the Nigeria Governors’ Forum
• His Excellency Senator Prince Bassey Otu — Executive Governor of Cross River State, Nigeria
• Ambassador Patricia Espinosa Cantellano — Former Executive Secretary of UN Climate Change (UNFCCC) and Former Foreign Minister of Mexico
• Lord Marvin Rees, Baron Rees of Easton OBE — Member of the House of Lords, United Kingdom
• Hon. Neema K. Lugangira — Secretary-General of Women Political Leaders (WPL), Brussels and Former Member of Parliament
• Her Excellency Dr. Netumbo Nandi-Ndaitwah — President of the Republic of Namibia
• His Excellency Nangolo Mbumba — Former President of Namibia
• Former President of Tanzania
• Her Excellency Ambassador Professor Olufolake AbdulRazaq — First Lady of Kwara State, Nigeria and Chairperson of Nigeria Governors’ Spouses Forum
• Your Excellency Dr. Dikko Umar Radda, PhD, CON — Executive Governor of Katsina State and Chairman of the Northwest Governors Forum, Nigeria
• Hon. Sam Shafiishuna Nujoma — Governor of Khomas Region, Namibia
• H.E. Mr. Veiccoh Nghiwete — High Commissioner of the Republic of Namibia to the United Kingdom
• Her Excellency Ms. Macenje “Che Che” Mazoka — High Commissioner of Zambia to the United Kingdom
• Ms. Danielle Newman — Partner Lead, ICT, World Economic Forum
• Leanne Elliott Young — Co-founder, Institute of Digital Fashion & CommuneEast
• Ms. Chloe Russell — Producer & Presenter, Art, Science and Nature
• Professor Marie-Claire Cordonier Segger — University of Cambridge & University of Waterloo
• Dr. Alexandra R. Harrington — IUCN World Commission on Environmental Law (WCEL)
• Professor Payam Akhavan — Massey College, University of Toronto
• Mr. Mallai C. E. Sathya — President, Dravida Vetri Kazhagam and International Movement for Tamil Culture Asia
The Summit will feature high-level panel discussions, strategic investment conversations, sustainability awards, policy dialogues, innovation showcases, youth engagement sessions and international networking opportunities focused on climate resilience, ethical financing, food-water-energy sustainability, circular economy, artificial intelligence, diplomacy and sustainable development.
Speaking ahead of the Summit, Convener Ambassador Canon Chinenem Otto noted:
“As the world rapidly evolves through artificial intelligence and technological innovation, we must ensure that sustainability remains people-centered, environmentally responsible and economically inclusive. The Global Sustainability Summit continues to serve as a bridge connecting governments, institutions, innovators and investors to accelerate practical sustainability solutions globally. Our fifth edition is not only a celebration of progress made over the years, but also a renewed call for global collaboration and actionable impact toward achieving the Sustainable Development Goals and Net Zero ambitions.”
The Global Sustainability Summit continues to position itself as a catalyst for transformative partnerships and sustainable global progress, reinforcing the urgent need for collective action toward a more resilient and sustainable future.
More announcements regarding additional speakers, partners and summit activities will be unveiled in the coming weeks.
President Donald Trump says the United States might one day get rid of federal income tax because of money the government collects from tariffs on imported goods. Tariffs are extra taxes the U.S. puts on products that come from other countries.
What Trump Is Saying
Trump has said that tariff money could become so large that it might allow the government to cut income taxes “almost completely.” He has also talked about possibly phasing out income tax over the next few years if tariff money keeps going up.
How Taxes Work Now
Right now, the federal government gets much more money from income taxes than from tariffs. Income taxes bring in trillions of dollars each year, while tariffs bring in only a small part of that total. Because of this gap, experts say tariffs would need to grow by many times to replace income tax money.
Questions From Experts
Many economists and tax experts doubt that tariffs alone could pay for the whole federal budget. They warn that very high tariffs could make many imported goods more expensive for shoppers in the United States. This could hit lower- and middle‑income families hardest, because they spend a big share of their money on everyday items.
What Congress Must Do
The president can change some tariffs, but only Congress can change or end the federal income tax. That means any real plan to remove income tax would need new laws passed by both the House of Representatives and the Senate. So far, there is no detailed law or full budget plan on this idea.
What It Means Right Now
For now, Trump’s comments are a proposal, not a change in the law. People and businesses still have to pay federal income tax under the current rules. The debate over using tariffs instead of income taxes is likely to continue among lawmakers, experts, and voters.
Former President Donald Trump has signed an executive order directing federal agencies to declassify all government files related to Jeffrey Epstein, the disgraced financier whose death in 2019 continues to fuel controversy and speculation.
The order, signed Wednesday at Trump’s Mar-a-Lago estate, instructs the FBI, Department of Justice, and intelligence agencies to release documents detailing Epstein’s network, finances, and alleged connections to high-profile figures. Trump described the move as “a step toward transparency and public trust,” promising that no names would be shielded from scrutiny.
“This information belongs to the American people,” Trump said in a televised statement. “For too long, powerful interests have tried to bury the truth. That ends now.”
U.S. intelligence officials confirmed that preparations for the release are already underway. According to sources familiar with the process, the first batch of documents is expected to be made public within the next 30 days, with additional releases scheduled over several months.
Reactions poured in across the political spectrum. Supporters praised the decision as a bold act of accountability, while critics alleged it was politically motivated, timed to draw attention during a volatile election season. Civil rights advocates, meanwhile, emphasized caution, warning that some records could expose private victims or ongoing legal matters.
The Epstein case, which implicated figures in politics, business, and entertainment, remains one of the most talked-about scandals of the past decade. Epstein’s connections to influential individuals—including politicians, royals, and executives—have long sparked speculation about the extent of his operations and who may have been involved.
Former federal prosecutor Lauren Fields said the release could mark a turning point in public discourse surrounding government transparency. “Regardless of political stance, this declassification has the potential to reshape how Americans view power and accountability,” Fields noted.
Officials say redactions may still occur to protect sensitive intelligence or personal information, but the intent is a near-complete disclosure. For years, critics of the government’s handling of Epstein’s case have accused agencies of concealing evidence or shielding elites from exposure. Trump’s order promises to change that narrative.
As anticipation builds, journalists, legal analysts, and online commentators are preparing for what could be one of the most consequential information releases in recent history.
Can AI Really Steal Your Fingerprints From a Selfie?
How to Make Your Indie Film Pay Off Without Losing Half to Distributors
How to Find Your Voice as a Filmmaker
Advice1 day agoHow to Make Your Indie Film Pay Off Without Losing Half to Distributors
- Advice1 day ago
How to Find Your Voice as a Filmmaker
- News3 weeks ago
FIPRM Expands Into Sports, Partners With Bolanle Media to Launch New Media Platform
- Business2 weeks ago
What the Michael Biopic Means for Every Indie Filmmaker
- Entertainment3 weeks ago
Mother’s Day AfroFun Praise Party: Gospel Dance, Fitness & Feel‑Good Stats in 60 Minutes
- Business5 days ago
GLOBAL SUSTAINABILITY SUMMIT RETURNS FOR ITS 5TH EDITION AT THE BRITISH PARLIAMENT – HOUSE OF LORDS, PALACE OF WESTMINSTER
- News1 hour ago
Can AI Really Steal Your Fingerprints From a Selfie?
