June 17, 2024 at 08:45AM
MITRE’s memo “Don’t Trust but Verify” outlines key priorities for the next US presidential administration in cyberspace. It emphasizes protecting critical infrastructure, implementing zero trust and SBOMs, preparing for quantum computing, and clarifying cybersecurity leadership roles. MITRE calls for specific actions and timelines to address these critical cyber defense areas.
Based on the meeting notes, here are the key takeaways:
1. MITRE’s memo “Don’t Trust but Verify: Strengthening U.S. Leadership To Safeguard Our Cyber Defenses” identified key priorities for the next presidential administration, including:
– Protecting critical infrastructure
– Implementing zero trust and Software Bill of Materials (SBOMs)
– Preparing for quantum computing
– Clarifying and strengthening cybersecurity authorities
2. MITRE outlined specific actions and timelines for each priority, such as updating recovery plans for critical infrastructure within six months, fully migrating to zero trust within six months, preparing for cryptographically relevant quantum computers within six months, and clarifying cybersecurity leadership roles within 90 days.
3. The memo emphasized the need for DHS to take proactive steps, such as running simulations for critical infrastructure attacks, upgrading legacy systems to handle zero trust principles, and supporting local and state governments with security practices within 90 days.
4. MITRE also recommended utilizing the expertise of the PQC Coalition, an industry group formed to assist in making commercial and open source software compliant with National Institute of Standards and Technology (NIST) PQC standards.
5. Finally, the memo suggested clarifying and expanding the authority, roles, and responsibilities of cybersecurity personnel across key government offices and potentially spinning out the Cybersecurity and Infrastructure Security Agency (CISA) as an independent agency.
These takeaways highlight the key focus areas and actionable steps proposed by MITRE for the next presidential administration to strengthen U.S. leadership in safeguarding cyber defenses.