5 Key Steps to Building a Resilient Digital InfrastructureDavid Forscey of the Aspen Cybersecurity Group Provides a Road Map
In light of the SolarWinds supply chain breach and other security incidents, the United States has substantial work to do in building a resilient digital infrastructure, says David Forscey of the Aspen Cyber Group, who outlines a five-step road map.
The five action items are: enhancing education and workforce development; securing the internet's public core; boosting supply chain security; measuring cybersecurity and promoting operational collaboration.
Forscey explains why dealing with a supply chain breach, such as the SolarWinds incident, requires far more than blocking software or hardware originating in an adversarial nation-state.
"What SolarWinds shows us is that there's this other piece, which is how organizations manage their own supply chains - including software, not just hardware - and how we can help shape incentives for suppliers to have more secure systems," Forscey says in an interview with Information Security Media Group.
"Attackers don't have to build some elaborate global hardware supply chain to insert a backdoor into a router way before it gets into your company. They can just go after the software companies, many of them actually U.S.-based, that your company already depends on. So that's a much more difficult matter to address when it comes to federal policy because you can't just say, 'Oh, well, we're going to ban any software companies that are based in Russia from being used in critical infrastructure' because the problem isn't just based on country of origin. It's just endemic to software."
In this interview (see audio link below photo), Forscey discusses:
- The role and membership of the Aspen Cybersecurity Group, a subsidiary of the Aspen Institute;
- The five action points for building a resilient digital infrastructure, as described in a new report;
- Aims of the Aspen Cybersecurity Group for 2021.
Forscey is managing director of the Aspen Cybersecurity Group at The Aspen Institute, where he runs a multidisciplinary forum for policymakers, business executives and security professionals dedicated to solving cybersecurity problems. He previously worked on state and local cybersecurity policy at the National Governors Association. He also served as national security fellow at Third Way.