Washington: In a study published today, the White House Office of the National Cyber Director (ONCD) urged the technical community to take proactive steps to lessen the attack surface in cyberspace. ONCD argues that by using memory-safe programming languages, technology manufacturers may keep entire classes of vulnerabilities out of the digital environment. To facilitate the creation of improved diagnostics that gauge cybersecurity quality, ONCD is also pushing the scientific community to tackle the issue of software measurability.
"It is our collective duty and capability as a country to lessen the attack surface in cyberspace and stop entire classes of security flaws from infiltrating the digital ecosystem, but doing so requires us to take on the challenging task of switching to memory-safe programming languages," stated National Cyber Director Harry Coker.
"The report released today outlines the threat and opportunity available to us as we move toward a future where software is memory-safe and secure by design, thanks to the work of our ONCD team and some incredible collaboration from the technical community and our public and private sector partners."
"I'm also happy that we are collaborating with the academic community and asking for their assistance in resolving another challenging issue: how can we improve the diagnostics we use to gauge the caliber of cybersecurity? To safeguard our nation's security and our digital ecosystem over the long run, we must address these issues."
What is the Office of the National Cyber Director Doing?
The White House Office of the National Cyber Director (ONCD) is taking an engineering-forward approach to policy making so that the technical community's expertise is represented in how the Federal Government approaches these issues. Software and hardware developers can significantly affect the security of the country by building cybersecurity outcomes into the production process.
The most well-known cyber incidents in history include the Morris worm from 1988, the Slammer worm from 2003, the Heartbleed vulnerability in 2014, the Trident exploit from 2016, and the Blastpass exploit from 2023. These were attention-grabbing cyberattacks that seriously harmed the systems that society depends on daily.
Memory safety vulnerabilities are the common underlying cause of all of them. The digital ecosystem has been hampered by memory safety flaws for 35 years, but this doesn't have to be the case, according to Anjana Rajan, Assistant National Cyber Director for Technology Security.
“This report was created for engineers by engineers because we know they can make the architecture and design decisions about the building blocks they consume – and this will have a tremendous effect on our ability to reduce the threat surface, protect the digital ecosystem, and ultimately, the Nation.”
ONCD has engaged a wide range of stakeholders to mobilize support for the Administration's endeavor. Here are statements of support from influential figures in academia, industry, and civil society.
A Shift in the Responsibility of Cybersecurity
The report released today aligns with two primary tenets of the President's National Cybersecurity Strategy, which was unveiled almost a year ago. It represents a significant advancement in the transfer of cybersecurity accountability from private citizens and small enterprises to larger entities, such as technology corporations and the federal government, which possess greater capacity to handle the constantly changing threat.
Additionally, this work complements and advances research and development initiatives and secure-by-design projects from other Federal Government agencies, including CISA, NSA, FBI, and NIST. The report's work on memory safety also complements Congress's interest in this problem.
This includes the work done by the U.S. Senate and House funding Committees, whose funding legislation for Fiscal Year 2023 includes directive report wording demanding a briefing from ONCD on this topic. Furthermore, Senator Ron Wyden (D-OR) and Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters (D-MI) have emphasized their legislative efforts on memory safety to ONCD.
Concluding Thoughts
In a study, the White House Office of the National Cyber Director (ONCD) recommended that the technical community use memory-safe programming languages to reduce cyber threats. ONCD stresses that software measurability must be addressed to create more accurate cybersecurity quality diagnostics.
According to National Cyber Director Harry Coker, the country must lessen attack surfaces and keep security flaws out of the digital ecosystem. To address memory safety vulnerabilities, the paper calls for cooperation between the technical community, academia, industry, and civil society. Memory safety vulnerabilities are highlighted as a common underlying cause of severe cyberattacks.