From Cybersec Guidelines to Guardrails: America Must Ditch the Standards Debate for Practical Cybersecurity Wins
Moving beyond voluntary frameworks to mandatory enforcement is the only way critical infrastructure can effectively combat escalating cyber threats
Key takeaways
Voluntary cybersecurity frameworks are insufficient for protecting critical infrastructure against modern threats.
Mandatory enforcement mechanisms must replace ongoing debates about standards to achieve real security outcomes.
Practical cybersecurity wins require action and accountability, not just guidelines and recommendations.
Recent calls from federal IT leaders for the Cybersecurity and Infrastructure Security Agency (CISA) to implement stricter cybersecurity standards and enhance collaboration raise a pressing question: how can critical infrastructure sectors shield themselves from the growing wave of cyber threats through actionable and enforceable cybersecurity practices?
Drawing on his experience as former Chief Strategist for the CISA COVID Task Force (2020-2022), I Am The Cavalry founder Josh Corman highlights the need to move from voluntary frameworks to mandatory cybersecurity standards that clearly establish what constitutes negligence. Corman called for a more focused approach: a transition toward practical, mandatory cybersecurity measures that strengthen the defenses of critical infrastructure against an ever-expanding landscape of cyber threats.
There's a lot of frameworks. Unfortunately, there's very little progress… What we need is less frameworks and more progress against these minimum hygiene levels.
— Josh Corman, Founder at I Am The Cavalry