Eric Goldstein: Rapid Cybersecurity Resolution Model Needs to Be Overhauled

A Cybersecurity and Infrastructure Security Agency official said a rapid approach to addressing computer vulnerabilities is not the best way to resolve the issue.

Speaking at an ISC2 event on Friday, Eric Goldstein, executive assistant director for cybersecurity at CISA, said the “patch faster, fix faster” model does not account for adversaries’ capabilities and adaptability and added that it should be replaced with a framework where providers play a more active role. Goldstein shared that technology providers must enable enhanced security options by default, embrace memory-safe languages and be the first to mitigate and respond to threats.

Goldstein also said artificial intelligence and other emerging technologies could help speed up vulnerability identification and remediation, especially in legacy codes, which adversaries use to exploit systems, CyberScoop reported.

CISA has been zeroing in on improving cybersecurity for various sectors, including critical infrastructure.

In November, the agency announced a pilot to identify if voluntary cybersecurity shared services delivery would be beneficial for critical infrastructure operators. Under the pilot, CISA would extend its Protective Domain Name System Resolver to ensure that interested operators would not connect to malicious domains by mistake.

The Protective DNS Resolver uses government and commercial threat intelligence to identify malicious domains.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now