Multiple steps are needed to improve the resiliency of federal networks, according to a National Institute of Standards and Technology conference.

The July conference, titled “Enhancing Resilience of the Internet and Communications Ecosystem,” found six areas that need to be addressed:

  • Because the majority of hacked devices used by botnets are outside the U.S., coordinated global action is needed to stop them.
  • The tools are out there to beef up cyber resilience, but they are underutilized.
  • Products need security throughout their life cycle. “Devices that are vulnerable at time of deployment, lack facilities to patch vulnerabilities after discovery, or remain in service after vendor support ends, make assembling botnets and distributed threats far too easy,” the conference concluded.
  • Security is compromised by a lack of knowledge and education among home and enterprise customers, product developers and infrastructure operators. “In particular, customer-friendly mechanisms to identify more secure choices analogous to the Energy Star program or vehicle crash ratings are needed to inform procurement decisions.”
  • There is a conflict between the free market and cybersecurity. “Market incentives motivate product developers and vendors to minimize cost and time to market, rather than build in security or offer efficient security updates,” the conference found.
  • There needs to be coordinated action across all stakeholder communities.