The much anticipated National Cybersecurity Strategy promised by the current administration was released earlier this year.
Among other things, the strategy calls for creating rules and policies designed to hold software makers accountable when their products expose users to bad actors. Once the new rules and policies begin rolling out, will they have any impact on application protection?
It is too early to definitively predict the implications of our new national strategy. But irrespective of how Washington intends to hold software makers accountable, the need for application protection at the enterprise level will always exist. No software developer can produce 100% secure software that remains fully secure forever. Bad actors find workarounds. Cybersecurity experts must operate on the assumption that the next vulnerability is right around the corner.
A Three-Pronged Approach
The software aspects of our new national strategy rely on holding developers accountable through a three-pronged approach:
1. Eliminating Liability Contracts
As things currently stand, software developers can limit their liability by contract. They do so through licensing terms and conditions that almost always contain language releasing developers of any and all liability in the event their products are compromised. The administration wants to take that option away.
2. Establishing Standards of Care
Just as federal regulators have done with healthcare, the new national strategy calls for establishing a standard of care in software development. Such a standard would dictate the measures software developers would have to take to ensure adequate security for users. Any such standard would likely evolve over time.
3. Establishing a Safe Harbor
The third prong is establishing a safe harbor that would protect software developers from liability provided they take all reasonable steps to ensure the security of their products. A safe harbor is necessary for the simple fact that cybercriminals are particularly good at hacking even the most secure applications.
How long it takes before regulators start proposing rules is anyone’s guess. But now that the strategy has been officially released, it is only a matter of time before rule makers get to work. Depending on the rules they come up with, we may discover that application security gets a little easier at some point.
Protecting Against all Sorts of Attacks
In the broadest possible sense, application protection involves protecting apps against all sorts of attacks. Those attacks can come from the network edge. They can be launched through malicious code. They can be facilitated through undetected vulnerabilities in a recently updated application. There are so many possibilities, which is what makes application security so challenging.
Should the administration succeed in writing and implementing comprehensive liability rules for software developers, said rules will determine how companies like Hillstone Networks approach application protection. Certain aspects may get easier while others get harder. We just don’t know until we start seeing how the national strategy is implemented.
One way or the other, the need for application protection isn’t going away. As long as applications represent an inroad to threat actors looking to breach networks and steal data, the need to protect those applications will remain.
Diligence Is the Key
Our perspective at Hillstone Networks is one of diligence. We firmly believe that diligence is the key to maximizing cybersecurity across its many disciplines. Whether it is application protection or guarding the network edge against threat actors, there is never an occasion to let our guard down.
While we wait for the administration to begin rolling out its new software liability rules, Hillstone Networks will continue to work with clients to maintain cybersecurity at every level.
