Whitmore argued that the era of isolated, disjointed or manual solutions should be over. But that doesn’t reflect the reality at many organizations and companies, where understaffing and limited budgets lead to poor cybersecurity hygiene.
“Most software attacks exploit preventable vulnerabilities in software products or insecure default configurations. This could be as simple as a default password that sits unchanged,” lamented Jack Cable, CEO and co-founder of San Francisco-based Corridor, which makes AI-powered development platforms.
Another point of agreement: the federal government could take advantage of its massive purchasing power to force Silicon Valley software contractors to increase the quality and security of their code, so that it’s “secure by design,” in cybersecurity lingo.
“The government has an obligation to set clearer security standards that are more consistent across the government,” said Jeanette Manfra, global director for security and compliance at Google Cloud, who served as a cybersecurity official during the Obama and first Trump administrations.
The expert witnesses touched only lightly on hopes for federal regulation or the recent exodus of technical talent from CISA. They seemed aware that they were speaking to a friendly audience on the House Committee on Homeland Security, whose members already understand what needs to be done from a cybersecurity perspective in Washington, D.C., as well as the political obstacles that lie in the way.
Industry watchers said the ball is now in the court of the committee’s Republican lawmakers to lobby the Trump administration to prioritize cybersecurity and turn the industry’s best practices into policy or even law.