Government prioritizes cybersecurity preparedness in the new digital era
The following post is a paid partnership between Spectrum Enterprise and Chuck Brooks.
The government has been upgrading and restructuring cybersecurity capabilities throughout agencies, both civilian and military. A growing and more sophisticated threat matrix has called for new actions by the government to meet and mitigate cyberthreats. Because of increased connectivity, the surface area for cyberattacks has widened. Home offices and remote work have aided in this exponential risk growth.
The increasing interconnection of cyber devices, companies, and apps has led to a surge in cyber intrusions and threats from hackers and viruses. Adversarial nation-states, disparate criminal organizations, and loosely connected hackers are some of the more complex and sophisticated cyberthreat actors.
The firm Cybersecurity Ventures expects global cybercrime costs to grow by 15% per year over the next five years, reaching $10.5 trillion USD annually by 2025.
The United States General Accounting Office (GAO) list below represents a partial set of typical threats:
- Terrorists and other non-state actors
- Criminal groups
- Business intelligence operators
- Bot-network operators
- National intelligence and psychological operations organizations
- Spammers use the above methods to distribute unsolicited e-mails
- National and/or commercial organizations specializing in deploying spyware or malware
Cybersecurity: a government-wide strategic focus
Restructuring government responsibilities and resources has coincided with cybersecurity being a strategic focus. For instance, the US Cyber Command, Army Future Command, Department of Defense (DOD), and the armed forces are investing in the procurement of innovative technologies and the training of cybersecurity personnel. The Department of Homeland Security (DHS) established CISA with the primary goal of addressing cybersecurity threats to critical infrastructure. DHS is spearheading the cybersecurity endeavor in the civilian sector to safeguard government domains.
This increased government emphasis on cybersecurity is mostly due to the quick changes occurring in the field of information technology. The capability and connectedness of cyber gadgets and communications have increased dramatically in the last few years. The hazards posed by malware and hackers, as well as cyber intrusions, have also increased, necessitating reorganizing goals and priorities.
Public-private cooperation in combating cyber threats is a priority
Using Public-Private Partnerships (PPP) based on shared R&D, prototyping, and risk management frameworks has evolved into a fundamental component of cybersecurity. To tackle the issues brought on by more complex and advanced cyberthreats, a high degree of public-private cooperation is needed. The U.S. government is aggressively looking for corporate technology to increase the efficacy of threat mitigation and analysis, as well as assistance from the private sector in technology to reduce danger vectors.
Cybersecurity cooperation between government and industry is now more urgent than ever due to the exponential growth in the cyber risk environment, demonstrated by state-sponsored and cybercriminal intrusions.
One of the main purposes of government and industry partnerships is the exchange of information about risks and dangers. To stay informed on the most recent ransomware, malware, phishing scams, viruses, and insider threats, sharing this information is beneficial for both industry and government. By establishing workable mechanisms for resilience and lessons learned, information sharing also helps enforce laws against cybercrimes and promotes successful business.
DHS CISA has placed a strong emphasis on public-private collaboration in national security. Developing guidelines and best practices to better defend against targeted cyberattacks was one of the main objectives of the collaboration between DHS/CISA and the National Institute of Standards and Technology (NIST) to develop information-sharing protocols and other ways to bring the public and private sectors together.
The recent creation of the Joint Cyber Defense Collaborative (JCDC) by DHS CISA is a significant step toward catalyzing closer public-private cooperation. The JCDC is also supported by other government agencies including the FBI, NSA, and U.S. Cyber Command to help drive down risk in partnership with industry. The purpose of the JCDC is to:
- Design whole-of-nation cyberdefense plans to address risks
- Support joint exercises to improve cyberdefense operations
- Implement coordinated defensive cyber operations
Prioritizing critical infrastructures and critical manufacturing, the JCDC will concentrate its early efforts on developing strategies and responses to the ransomware pandemic that targets both industry and government. The majority (85%) of the vital infrastructure for cybersecurity in the United States is controlled by the private sector and subject to public regulation.
The White House has also increased industry and government collaboration in several areas, including supply chain security and safeguarding vital infrastructure, the majority of which is privately owned. The fundamental objective of collaboration concerning critical infrastructure is to assist in defending against deliberate cyberattacks on the country's vital infrastructure. This infrastructure includes financial systems, chemical plants, water and electricity utilities, hospitals, communication networks, pipelines, shipping, dams, bridges, highways, and buildings.
Government cyber risk management strategies
To improve risk management in cybersecurity and to especially support the protection of critical infrastructure, the government supports three key risk management strategies for agencies and companies that interact with the government.
- Zero Trust: Emphasizes stringent identity and access control, upheld by appropriate authorization and authentication, to safeguard resources.
- Defense in Depth: Enables layers of redundant preventative security measures.
- Security by Design: Manages and maintains the security process.
The cybersecurity paradigm known as Zero Trust (ZT) shifts defenses away from static, network-based perimeters and toward a focus on users, assets, and resources. A Zero Trust Architecture (ZTA) applies zero-trust concepts to the planning of workflows and of industrial and enterprise infrastructure. Zero Trust presupposes that no implicit trust is granted to assets or user accounts based only on their physical or network location (local area networks versus the internet) or on their ownership (personal or enterprise). Before a session with an enterprise resource is established, separate processes of authentication and authorization (both subject and device) are carried out.
Within the security community, Defense in Depth has several well-defined concepts. According to a NIST publication, the Defense in Depth idea is "an important security architecture principle that has significant application to cloud services, storehouses of sensitive data, industrial control systems (ICS), and many other areas." We argue that a Defense in Depth posture is both "narrow," meaning that there are fewer node-independent attack pathways, and "deep," meaning that it has several layers of protection.
According to DHS CISA, “Secure by Design products are those where the security of the customers is a core business requirement, not just a technical feature. Secure by Design principles should be implemented during the design phase of a product’s development lifecycle to dramatically reduce the number of exploitable flaws before they are introduced to the market for broad use or consumption. Products should be secure to use out of the box, with secure configurations enabled by default and security features such as multi-factor authentication (MFA), logging, and single sign-on (SSO) available at no additional cost.”
Cybersecurity is strengthened by the combination of Security by Design, Defense in Depth, and Zero Trust. The details of the government’s security strategy can change depending on the scenario, but situational awareness and methodical skills for vital communications in an emergency are the threads that bind the pieces together. The National Institute of Standards and Technology (NIST) motto for business and government in the United States is "Identify, Protect, Detect, Respond, Recover."
Emerging technologies impacting stronger government cybersecurity posture
Both threat actors and cyberdefenders can use emerging technologies as tools. Artificial intelligence, machine intelligence, Internet of Things, 5G, virtual and augmented reality, and quantum computing are all part of the present cyber-threat scenario. Cloud, Hybrid Cloud, and Edge Platforms are replacing older systems in many agencies' and institutions' processes to safeguard and aggregate data. New cybersecurity requirements are being brought about by emerging technologies and these technologies are causing operational transformations.
For example, supply chain security and the impact of artificial intelligence (AI), the Internet of Things (IoT), and 5G are evolving and fusing, and they present formidable obstacles.
By leveraging artificial intelligence and other analytic techniques to enable malware infiltration and search for vulnerabilities, threat actors, particularly state-sponsored ones, and criminal businesses are becoming increasingly skilled at their craft. Moreover, quantum computing is just over the horizon and will pose new threats (particularly in decrypting data) as well as many disruptive technological opportunities.
Government has recognized that being proactive rather than reactive makes sense for anyone operating in the digital landscape. In today’s sophisticated threat environment, cybersecurity can no longer be viewed as an afterthought. The upgrading of risk management frameworks, enhancing public-private cooperation, and the added focus on addressing the impact of emerging technologies for good and bad are the right courses of action for government to continue to pursue.