President Trump's Cyber Strategy for America - what does "Common Sense Regulation" actually mean?

Six Policy Pillars underpin this strategy and will guide implementation and measures for success...

1. Shape Adversary Behavior 2. Promote Common Sense Regulation 3. Modernize and Secure Federal Government Networks 4. Secure Critical Infrastructure 5. Sustain Superiority in Critical and Emerging Technologies 6. Build Talent and Capacity

This document doesn't really say a lot that hasn't already been part of loose direction across the USA and its allies for at least ten years. But I did pick up on a couple of things:

"We will prioritize the security and resilience of the National Security Systems that underpin our military, intelligence, and civilian enterprises."

"Cyber defense should not be reduced to a costly checklist that delays preparedness, action, and response."

I'm sure anyone bogged down with CISA, HIPAA and NIST will be scratching their heads over these statements!

Performative compliance aligned to "controls libraries" is a laborious tickbox exercise especially if your business is bogged down constantly by having to submit to external audits or repeat the status of compliance to multiple government agencies because they're not joined up enough to have a single central reporting mechanism; HOWEVER if there's no comparison mechanism at all, there's no way to know if a supplier of "critical infrastructure" is hitting the security standards that the Administration expects.

And it's actually the supply chain that's the question here. Sure, the whole public sector network security issue needs fixing, but GLOBALLY, nations are finding that there are some attack vectors hitting the government staff and networks and other attack vectors that are attacking the supply chain.

You can't over-regulate the government Cyber stuff and de-regulate the private sector, without creating massive cybersecurity risks - especially if you heavily rely on private sector innovation to operate the government sector services.

Simple example: We all want AI-enabling startups innovating to achieve cybersecurity ambitions across the government sector. At the same time, we certainly don't want those startups simply putting a shim over a Chinese AI model, or outsourcing the coding to a team in the Russian Caucasus.

Anyone else have any thoughts on this?

I’ve been dealing with USDA Inspectors and they are beyond common sense. PITA and the animal rights people have filled the government inspection and animal protection roles at all levels of government.

They actually are writing violations and fining farmers who are not at their barn in the middle of the day to meet them during surprise inspections. They claim the farmer does not have regular hours.

I explained that the barn hours are 5 am to 7 am and 5 pm to 7 pm. These are every day, 7 days a week. You can’t get more regular than that.

In one instance, they were cited as one animal out of more than over 900 had a growth. I explained that it was treated, but treatment does not heal the sore immediately.

Freaking crazy liberal women with power that has gone to their head.

Oh, and the statute of limitations is 5 years, so they are now filing complaints for fabricated violations 5 years ago, even though the business was closed 3 years ag!. Their harassment was so great that most of the farmers raising small animals have stopped to get rid of the harassment. (raising guinea pigs for research)

"Cyber defense should not be reduced to a costly checklist that delays preparedness, action, and response."

checklists can be common sense or mindless rubrics. Those 15 character passwords with special characters? Mindless rubric. Proper server security disallows password guessing and disallows cracking of password hashes. With those proper server securit measures a 4 character password is equally strong.

Along with security the entire SW field is infected by dogma. It has infected the AI too, which produce solutions driven by dogma, basically: "this is how the experts do it so it's how everyone has to do it". But it turns out so-called experts in fields like cyber security including entire companies are mostly raking in the bucks with costly checklists.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.