Saturday, August 19, 2023

Why The CISA Needs To Be Transformed Into The Department Of Cybersecurity

 


One of the biggest complaints in Cybersecurity today (among many others) comes from the Small to Medium Sized Business (SMB) community: the services needed to protect their lines of defense are simply too expensive for them to afford.  While I can see this to a certain extent, the truth of the matter is that Cyber services are now getting very affordable for the SMB owner.

But it takes some work and research to find these vendors.  So, in an effort to help out the smallest of the small businesses, people are now calling upon the US Cybersecurity and Infrastructure Security Agency (CISA) to aid in this effort, and to provide a central place where business owners can get access to whatever information they may need.

Here is what is being proposed for the CISA:

1)     Create a centralized approach for membership:

At the present time, many people feel that joining the CISA is too expensive.  There are many cries out there for them to lower the price, so that all businesses can afford it.  In a worst-case scenario, there should at least be a tiered membership level.

2)     Expand the use of Albert Sensors:

Truth be told, this is the first time that I have heard of this technology.  These are actually intrusion detection systems, and there are currently about 800 of them being used across local and state governments all over the country.  It has been estimated that they have generated over 250,000 alerts and warnings on an annual basis.  The nice thing here is that they are provided for and funded by CISA.  The thinking here is that if CISA can do this for the government, why can’t they also do this for the smallest of the small?  Or if not, at least give them access to the information and data that is generated from it?  More information about Albert Sensors can be seen at the link below:

https://sos.oregon.gov/elections/Documents/vote-systems/albert-sensor-february-2022.pdf

3)     More involvement from the Cyber community:

There has always been a need for this, and many people have voiced their support for it.  However, it is a lot easier said than done.  Unfortunately, many Cyber vendors still view the SMB market as one where there is not enough money to be made, but IMHO, they need to get away from this kind of thinking.  I really don’t see the harm in offering some pro bono services; giving back what you have been given goes a long way, I have been taught.  But in this instance, people want the MSPs and the MSSPs to take a much bigger role in this effort, led by CISA.

4)     Have a better portal:

At the present time, I don’t think that CISA has an actual portal for members to log into and get the latest updates.  Because of this, people want CISA to create and deploy a Cyber portal that all members can access, and which can also be customized to their own requirements.  But the most important thing that is needed right now is intelligence gathering and sharing, made as easy as possible to access.

5)     Have a quicker time to report:

 

Right now, there is a lot of effort on the part of the regulatory bodies (such as the SEC) to mandate that companies report a security breach within a certain timeframe.  People now want CISA to do the same thing, but for all businesses, no matter how large or small they might be, or the industry that they are in.

My Thoughts On This:

The point of all this is to have a central point of control, so that everything will follow a streamlined process.  But in my view, it is going to take much more than this.  We need a federal agency to do all of this, such as a Department of Cybersecurity.  This needs to be set up in the same way that the DHS was set up right after 9/11.

I am actually going to be writing a whitepaper on this, so stay tuned!!!
