The National Security Agency, in partnership with other federal agencies, has released a cybersecurity information sheet, or CSI, outlining recommended actions to address software understanding gaps.
The CSI was finalized in coordination with the Cybersecurity and Infrastructure Security Agency, the Defense Advanced Research Projects Agency and the Office of the Under Secretary of Defense for Research and Engineering, NSA said Thursday. The document highlights the need for systems owners and operators to construct their software-controlled infrastructure across normal, abnormal and hostile conditions.
Table of Contents
Software Understanding as Critical Effort
According to NSA Research Technical Director Neal Ziring, the report urges the government and private sectors to treat software understanding as a critical effort to the country’s success in the future.
“A lack of understanding of software imposes risks on many critical systems that are dependent on software to run properly and as intended,” he noted.
The new report pushes for enhanced collaboration to achieve “a more vigorous understanding of software on a national scale,” CISA said in a separate release, adding the U.S. government is already involved in activities, such as research investments and mission agency initiatives, seeking to improve software understanding.
Policy Actions, Innovations and Investment
Titled “Closing the Software Understanding Gap,” the CSI says software understanding gaps can be addressed by implementing policies that require characterizing software behavior before it is deployed into critical systems. The document also calls for the introduction of technical innovations, such as artificial intelligence, to develop reliable and affordable capabilities. Additionally, stakeholders are encouraged to invest in research, development and engineering for a unified set of software understanding capabilities.