Today's organizations know that stopping 100% of cyber-attacks is not a realistic goal. Rather, the focus has shifted to cyber resilience, "the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources."
A critical pillar in becoming resilient is communication and collaboration. The Cyber EO focused on improving the nation's cybersecurity and highlighted the need to improve collaboration with threat intelligence sharing between public and private organizations as well as the creation of cross-government cyber boards. In recent months, key strides have been made in facilitating information sharing around cyber best practices, resource availability, as well as process and policy.
Cooperation between federal, state and local agencies
A recent bill, The State and Local Government Cybersecurity Act, aims to increase cybersecurity coordination between the Department of Homeland Security (DHS) and state, local, tribal and territorial governments. This coordination is critical as state and local governments are an attractive target for cyber-attacks due to the fact that they hold valuable information, but frequently lack the expertise and funding to stay ahead of attackers.
This new bill improves collaboration between DHS and state and local governments by calling for the National Cybersecurity and Communications Integration Center (NCCIC) -- DHS's 24/7 cyber situational awareness, incident response and management center -- to provide operational and technical cybersecurity training for state and local agencies. The bill sets up two-way information sharing so that NCCIC can help state and local agencies share threat indicators and information about cybersecurity risks and incidents with federal agencies and each other. It also ensures that the NCCIC notifies state and local agencies about specific incidents and malware that may affect them or their residents.
Cybercrime knows no borders
Geographic and political divisions mean nothing to cyber threat actors. They can be attacking a target in the U.S. and China simultaneously. Cyber-attacks have similar impacts no matter where they happen and can have cascading consequences to economies and citizens globally. The U.S. Justice Department recently participated in a workshop with the European Union Agency for Criminal Justice Cooperation (Eurojust) focused on deterring ransomware hackers and pushing for more resources to help other nations prosecute those leveraging cryptocurrencies to mask their illicit activity.
Technology companies are also pushing for a globalized effort in stopping cybercrime. In recent testimony before the House Homeland Security Committee, the Information Technology Industry Council advised that "Policymakers should prioritize global harmonization and regulatory cooperation to support a voluntary, industry-driven consensus around core baseline capabilities for [internet of things] security that are grounded in global standards." While the U.S. has not pushed for legislation around cyber, there are some best practices to be learned in legislation being introduced in the European Union, the United Kingdom and Canada laying out specific responsibilities for companies to take in securing IoT and measures like fines to enforce them.
Advancing public/private partnerships
The Cyber EO was clear that to improve national cybersecurity posture the government and private industry have to share information on attacks, vulnerabilities, and solutions. One area that is benefitting from this open communication and problem solving is the use of cryptocurrency for cybercrime.
Cryptocurrency has the potential to fund terrorist activities or be used to evade U.S. legal sanctions. Ransomware attackers are increasingly demanding payment in the form of cryptocurrency as it can anonymize the recipient. In recent testimony, cryptocurrency firms were clear in their willingness to partner with federal law enforcement to curb abuses of digital currency transactions. Technology experts pointed out that blockchain, the technology that underlies cryptocurrency, was built to keep records so no recipient in the chain can remain anonymous forever.
Government is also working with private utilities to strengthen their cyber posture. The Department of Energy recently released its National Cyber-Informed Engineering Strategy which provides guidance for building resilient energy systems that can withstand cyberattacks. The strategy encourages the incorporation of cybersecurity technology early in the engineering process as a way to lessen risk. It provides details on how to design security across the lifecycle of grid development.
Water utility leaders are looking for similar guidance as they ask the Environmental Protection Agency (EPA) to ramp up its oversight of cybersecurity standards. The EPA has an estimated $7 million in its annual budget dedicated to cybersecurity operations within the agency's Office of Water, but it is recommended that they need at least $45 million. This funding could support the development of a co-regulatory model for the water sector, where the EPA would partner with industry stakeholders and water infrastructure operators to increase collaboration and eventual implementation of cybersecurity standards.
- ATARC 2022 Zero Trust Summit (August 9, 2022; Washington, DC) - The adoption and integration of Zero Trust principles into any cybersecurity strategy comes with many challenges and questions. This panel will discuss the importance of emerging technologies while agencies are in the process of adopting and implementing Zero Trust principles.
- TechNet Augusta (August 15-18, 2022; Augusta, GA) - Examine and explore the intricacies of the cyber domain. With assistance from the U.S. Army Cyber Center of Excellence and industry experts, the conference is designed to open the lines of communication and facilitate networking, education and problem-solving. Leaders and operators also discuss procurement challenges the military, government and industry face during a time of uncertain budgets and runaway technology advances.
- Critical Infrastructure and Government Security Directives (August 23, 2022; webinar) - Explore the challenges facing critical infrastructure cybersecurity practitioners and the strategies and tools at their employ to defend against breaches. Speakers will review the TSA pipeline security directives and the pipeline security guidelines (based on NIST cybersecurity framework) and how to translate these guidelines into daily cyber hygiene best practices.
- When All Else Fails: How to Be Cyber Resilient (September 8, 2022; webinar) - A panel of cyber experts will discuss how to assess current cyber preparedness and the ability to detect, respond and recover from a cyber-attack. They will also discuss best practices for data protection and recovery, and how to best prepare the workforce to be more cyber resilient.
- InfoSec World (September 26-28, 2022; Lake Buena Vista, FL) - This leading cybersecurity conference for security practitioners and executives features expert insights, enlightening keynotes and interactive breakout sessions that inform, engage and connect the infosec community.
- 5 Cybersecurity Trends Shaping Government Modernization in 2022 (white paper) - 2022 is shaping up to be a key turning point in how the government implements modern cybersecurity practices. This 2022 cybersecurity trend report aims to outline the key trends shaping government's approach to securing data and systems.
- Global Cybersecurity Outlook 2022 (white paper) - This report aims to provide an in-depth analysis of the challenges that security leaders are dealing with, the approaches they are taking to stay ahead of cybercriminals, and the measures they are implementing to enhance cyber resilience not only within their organizations but also within the wider ecosystem.
- Federal Cybersecurity Funding to State and Local Governments (white paper) - Roundtable participants shared their thoughts on the unique challenges faced by the smaller state and local authorities, and how collaboration amongst themselves, as well as hands-on federal support and training opportunities could best help them develop successful cybersecurity funding applications.