Last year, there were over 18,000 new cyber vulnerabilities identified across both the public and private sectors. In response, the Cybersecurity and Infrastructure Security Agency (CISA) will direct federal agencies to address and patch weaknesses in their digital platforms.
- Brig. Gen. Gregory Touhill, director at the CERT Division at the Software Engineering Institute and former chief information security officer of the United States, said the directive, which includes a catalog of almost 300 cybersecurity vulnerabilities for civilian agencies to address, is a step in the right direction.
- The directive instructs agencies to fix the vulnerabilities within two weeks, which Touhill said may not be doable for all departments and agencies but sends a strong message to everyone in government and managers of critical infrastructure.
- Touhill said the complexity of the cyber ecosystem, attack surfaces and adversarial groups are all increasing.