July 1, 2024 at 05:45AM
CISA director Jen Easterly states that the Cybersecurity Safety Review Board (CSRB) remains willing to address security flaws, despite concerns about private sector cooperation after a critical report on Microsoft. The board’s report detailed security failings at Microsoft, raising questions about future cooperation. The CSRB lacks legal authority but has received voluntary cooperation from Microsoft. Easterly also highlighted the importance of CISA’s Secure by Design pledge in promoting secure products.
The meeting notes from a conversation with CISA director Jen Easterly provide insights into the Cybersecurity Safety Review Board’s (CSRB) approach and its interaction with Microsoft. Despite the scathing report on Microsoft’s security failings, Easterly expressed hope that companies would continue to cooperate with the CSRB in the event of a serious security mishap. While the CSRB lacks legal authority to compel companies to collaborate on reports, Microsoft voluntarily engaged with the CSRB and received acknowledgment for its transparency and cooperation.
Easterly commended Microsoft’s transparency and the measures implemented by CEO Satya Nadella following the CSRB’s report. She also highlighted the Secure by Design pledge launched by CISA, aiming to promote secure-by-design principles within the industry, with over 150 organizations now signed up to the pledge. The emphasis on developing products with SBD principles adhered to could significantly reduce vulnerabilities and potentially mitigate the need for CSRB probes in the future.
Easterly referenced Verizon’s Data Breach Investigations Report, indicating the growing challenge of cyberattacks and the need to demand more from vendors in terms of product security.
Overall, the meeting notes suggest a focus on the collaborative efforts between the CSRB and the private sector, along with initiatives to enhance product security across the industry.