Software Integrity

 

U.S. Cybersecurity National Action Plan includes UL’s Software Testing Program

On Tuesday the White House announced its Cybersecurity National Action Plan (CNAP). It builds on the momentum to secure the government’s and the nation’s databases and use of the Internet following the passage of the Cybersecurity Act of 2015 in December and heavily leverages newly created mechanisms for private companies to share cyber threat information with each other and the Government. The president believes more can be done in cybersecurity, particularly when it comes to protecting ordinary citizens from fraud and data breaches.

The White House describes the new plan as near-term actions that are part of a long-term strategy to empower Americans to take better control of their digital security. It continues the partnership with the owners and operators of critical infrastructure to improve cybersecurity and enhance the Nation’s resiliency. Toward that end, it calls out some specific examples.

One example cited is the recent effort by Underwriters Laboratories (UL) to develop a Cybersecurity Assurance Program (CAP). Specifically, the White House said “Department of Homeland Security is collaborating with UL and other industry partners to develop a Cybersecurity Assurance Program to test and certify networked devices within the ‘Internet of Things,’ whether they be refrigerators or medical infusion pumps, so that when you buy a new product, you can be sure that it has been certified to meet security standards.”

Last August, Synopsys announced it was collaborating with UL on the Cybersecurity Assurance Program, which was described as providing “a baseline structure for cybersecurity assurance and will be customized for specific industry segments.” This was an extension of UL’s existing collaboration with Codenomicon, a cybersecurity company which Synopsys acquired last summer. “The UL Cybersecurity Assurance Program is a first step in helping our customers focus on innovative ideas and technologies by providing a framework for assessing their products for cybersecurity vulnerabilities and software weaknesses,” said Ken Modeste, the principal engineer at UL responsible for CAP, in a press release. “We are very excited about this program and look forward to our continued collaboration with Synopsys and others to drive this forward.”

Within the CNAP, the president also signed two new Executive Orders. The first Executive Order establishes a Commission on Establishing National Cyber Security. The commission is charged with enhancing “cybersecurity awareness and protections at all levels of Government, business, and society.”

A second Executive Order would establish a Federal Privacy Council. The council would create ways for the government to protect the privacy of the data it collects, and its first report is due in 120 days.

These build upon the previous cybersecurity-focused Executive Orders from President Obama: Critical Infrastructure (2013) and Information Sharing (2015).

CNAP also calls for the establishment of a new Federal Chief Information Security Officer to drive modernization changes across the Government, as well as the creation of a new Commission on Enhancing National Cybersecurity, composed of “top strategic, business, and technical thinkers from outside of Government – including members to be designated by the bi-partisan Congressional leadership.”

To pay for these improvements, the White House is asking Congress that $19 billion of the President’s Fiscal Year (FY) 2017 Budget be dedicated to US Government cybersecurity, with $3.1 billion of that specifically to modernize the government’s information technology.