{"id":7050,"date":"2025-01-23T16:14:18","date_gmt":"2025-01-23T22:14:18","guid":{"rendered":"https:\/\/www.darkreading.com\/application-security\/cisa-calls-for-action-to-close-the-software-understanding-gap"},"modified":"2025-01-23T16:14:18","modified_gmt":"2025-01-23T22:14:18","slug":"cisa-calls-for-action-to-close-the-software-understanding-gap","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/01\/23\/cisa-calls-for-action-to-close-the-software-understanding-gap\/","title":{"rendered":"CISA Calls For Action to Close the Software Understanding Gap"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

PRESS RELEASE<\/span><\/span><\/p>\n

WASHINGTON \u2013<\/span><\/span> Today, the Cybersecurity and Infrastructure Security Agency (<\/span>CISA<\/a><\/span>), in partnership with the Defense Advanced Research Projects Agency (<\/span>DARPA<\/a><\/span>), the Office of the Under Secretary of Defense for Research and Engineering (<\/span>OUSD R&E<\/a><\/span>), and the National Security Agency (<\/span>NSA<\/a><\/span>), published <\/span>Closing the Software Understanding Gap<\/a><\/span> that calls for decisive and coordinated action by the U.S. government to obtain a deep, scalable understanding of software-controlled systems. Specifically, the report calls for software-controlled systems that can be assessed to verify functionality, safety, and security across all conditions, which is currently not available.<\/span><\/p>\n

Mission owners and operators lack adequate capabilities for software understanding because technology manufacturers build software that greatly outstrips the ability to understand it. The inadequate understanding leads to exploited software vulnerabilities because technology manufacturers create software that is not secure by design.<\/span><\/p>\n

\u201cRecent discoveries of adversarial state-sponsored activity in <\/span>US critical infrastructure<\/a><\/span> \u2013 primarily in <\/span>Communications<\/a><\/span>, <\/span>Energy<\/a><\/span>, <\/span>Transportation Systems<\/a><\/span>, and <\/span>Water and Wastewater Systems<\/a><\/span> \u2013 pose imminent threats to US national security. The software understanding gap exacerbates the risk to this threat activity,\u201d said <\/span>CISA Technical Director Chris Butera<\/span><\/span>. \u201cMission owners and operators have an enormous and accelerating dependence on the software underwriting U.S. critical infrastructure. With our partners, we urge the USG to close this gap before other nations and urge software manufactures to align to Secure by Design principles.\u201d <\/span><\/p>\n

The report highlights potential solutions to change the security posture of legacy and future software. One example is the application of mathematically rigorous techniques known as formal methods. For a long time, formally verified software has seemed hopelessly out of reach, but advances by DARPA and others over the past decade have made formal approaches more accessible for mainstream practice.<\/span><\/p>\n

\u201cWe have the tools today to greatly reduce the number of software vulnerabilities that plague our software infrastructure,\u201d said <\/span>DARPA\u2019s Information Innovation Office Director, Kathleen Fisher<\/span><\/span>. \u201cRapid action to implement these tools in legacy and future systems can dramatically reduce the United States\u2019 cyber vulnerabilities ahead of future global conflicts.\u201d<\/span><\/p>\n

This report also provides recommendations to obtain a deep, scalable understanding of software-controlled systems, including AI-based systems. By providing an adequate capacity for software understanding, the United States will secure an advantage in geopolitics for the foreseeable future and will help harden critical infrastructure against state-sponsored activity.<\/span><\/p>\n

This report highlights the enduring broad government coordination required to create the capabilities to address these threats.<\/span><\/p>\n

For more information on Secure by Design, visit <\/span>Secure by Design<\/a><\/span> webpage.<\/span><\/p>\n

About CISA<\/span><\/span> <\/span><\/p>\n

As the nation\u2019s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.<\/span><\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

PRESS RELEASE WASHINGTON \u2013 Today, the Cybersecurity and Infrastructure Security<\/p>\n","protected":false},"author":12,"featured_media":7051,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-7050","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-calls-for-action-to-close-the-software-understanding-gap.png?fit=3840%2C2160&ssl=1",3840,2160,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-calls-for-action-to-close-the-software-understanding-gap.png?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-calls-for-action-to-close-the-software-understanding-gap.png?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-calls-for-action-to-close-the-software-understanding-gap.png?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-calls-for-action-to-close-the-software-understanding-gap.png?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-calls-for-action-to-close-the-software-understanding-gap.png?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-calls-for-action-to-close-the-software-understanding-gap.png?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-calls-for-action-to-close-the-software-understanding-gap.png?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-calls-for-action-to-close-the-software-understanding-gap.png?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-calls-for-action-to-close-the-software-understanding-gap.png?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/cisa-calls-for-action-to-close-the-software-understanding-gap.png?fit=3840%2C2160&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7050"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7050\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/7051"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7050"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7050"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}