United States: CISA sets out its program for securing open source software


The Cybersecurity and Infrastructure Security Agency (CISA), a federal agency of the United States, is expanding its efforts to secure open source software, according to an article by FCW. The site, which covers US federal technology, reports statements made on April 6 by Jen Easterly, director of CISA.

“Investing in the resilience of the open source ecosystem”

She announced that the agency is hiring an open source security lead and bolstering its public-private partnership, the Joint Cyber Defense Collaborative (JCDC), to “advance security for arguably the most important ecosystem for the operation of the federal government and critical infrastructure”.

During a cybersecurity event hosted by the Atlantic Council, an American think tank, Jen Easterly said: “We must invest to ensure the security, resilience and sustainability of the open source ecosystem.”

The JCDC focuses on identifying and mitigating the risks of open source software, in areas such as industrial control systems. Addressing the security risks of open source software is listed as a key priority in the JCDC’s 2023 agenda, which aims to develop “side-by-side approaches to confronting malicious actors and significant cyber risks” for the federal government and its private partners.

CISA runs the federal government’s vulnerability disclosure program. It also works with the Office of the National Cyber Director, the Office of Management and Budget and the Open Source Security Foundation to build software repositories and package managers that ensure products and services are regularly updated or, where necessary, withdrawn from public libraries.

“It is always possible to download vulnerable, even malicious, code from open source software libraries,” the CISA director said. “So that’s extremely important, and we’re trying to shake things up this year.”

For its 2024 budget, CISA requested nearly $425 million (about €391 million) to build a single internal repository for its analysts and to help prevent breaches before they happen.
