The US government has recently stepped up its efforts to fortify its cyber defenses in response to a steady increase in hacking and other forms of cybercrime against the nation. On Thursday, the US government unveiled a new cybersecurity strategy.
The strategy calls for stricter regulation of cybersecurity practices across sectors and better cooperation between the government and the private sector. It is meant to serve as a roadmap for future policy. It follows a string of high-profile hacking attacks on the US by local and foreign actors.
The document emphasizes protecting critical infrastructure (CI), public-private partnerships, encouraging long-term investments in cybersecurity and resilience, and providing smaller entities with the support they need to implement better cybersecurity.
Ransomware attacks, in which cybercriminals seize control of a target's systems and demand a ransom payment, are among the most frequent types of cyberattacks and have recently affected many sectors.
"The criminal justice system won't solve this problem on its own; we need to look at other elements of national power," the official said.
The plan suggests, among other things, raising the bar for patching computer system flaws and enacting an executive order requiring cloud service providers to confirm the identity of foreign clients.
Here, we'll look at the first pillar, Defend Critical Infrastructure, and consider what it might entail for operators in the near and long term. We'll go over the first pillar's three strategy goals below.
Strategy 1: Establish Cybersecurity To Protect National and Public Security
The federal government will use existing regulatory powers to establish cybersecurity standards for vital industries. These rules will be performance-based and draw on already-established norms and customs. Those who provide "essential third-party services," such as cloud computing companies, should prepare for increased scrutiny and regulations.
a. Streamline and Harmonize Current and New Regulations
Regulatory agencies will use current global standards and ensure they are harmonized globally, both to prevent new regulations from impeding digital trade flows and to reduce the cost and complexity of new cybersecurity requirements.
b. Allow Regulated Organizations To Afford Security
Federal agencies should consider factors in various industries that affect how well-equipped those businesses are to bear the costs of increased cybersecurity, keeping in mind smaller entities and low-margin sectors. Regulators are urged to use rate-making, taxation, or other methods as incentives to encourage investment in cybersecurity.
Strategy 2: Public-Private Collaboration
Information sharing lacks credibility and verification and has been segregated into industry-specific, business-specific, or government agency-specific mechanisms, resulting in isolated information sources with little to no agreement between them. There is no way to standardize and correlate the threat and vulnerability research that competing market leaders produce about the threat environment. Despite reluctance to aggregate data, useful information sharing requires a vendor-neutral method for sharing early warning data in real time.
Strategy 3: Improve Federal Defenses
Federal civilian executive branch (FCEB) agencies and National Security Systems (NSS), which house some of the most sensitive Federal government data, will be the focus of the Federal government's modernization and updating of its own digital infrastructure to support a zero trust security strategy.
CISA will create a strategy to protect FCEB agencies jointly by making centralized services more accessible and emphasizing the security of the software supply chain, such as by requiring Software Bills of Materials (SBOMs). Similar to the most recent BOD 23-01, more binding operational directives will likely be forthcoming for FCEB organizations.
This is only the beginning...
Attacks on vital assets by hackers have significantly affected Americans recently. Progress is only feasible if we provide incentives for stakeholders to collaborate since no one group can solve the issue independently. Although it may be challenging, changing the incentives for an entire industry is feasible. With only a marshmallow as a reward, even kids could work together. Our primary motivation is the security of our vital assets. What are we holding out for?
Take Away!
CEOs should firmly encourage their engineering teams to stay ahead of the curve, and businesses must monitor these changes. Even if new legislation does not pass, software and hardware products can only be safer if the source files are protected from being encrypted by ransomware, stolen by a contractor, or altered by a malicious insider or hacker. These events are unquestionably significant, and the board should be informed about the company's efforts to protect intellectual property and the development procedures.
With Fusion Factor, Prepare Yourself For The New Cybersecurity Strategies!
With the aid of Fusion Factor, the daunting job of remediation following a ransomware attack has been made easier for companies of all sizes in San Diego County. To help businesses cross the finish line, we have been there, doing it.