For the past 20 years, October has come to signify more than pumpkins, ghosts, and candy. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance have led the annual effort to raise awareness among the general public about everyone's role in keeping our increasingly digital world more secure.
Cybersecurity Awareness Month provides a platform for a wide variety of government and private organizations to deliver education about good cyber hygiene and highlight the role everyday actions have on the security of the systems we depend on.
Education and programming in 2023 will bring the following behaviors into focus:
- Strong passwords: Long, random, unique passwords with four character types (uppercase, lowercase, numbers, and symbols) are a best practice for protecting data. Password managers are a powerful tool to help create the most secure and usable passwords.
- Multifactor authentication (MFA): MFA as part of a login process helps confirm you are who you say you are by requiring a password and the use of a one-time code issued to a device that belongs to you. Multifactor authentication should be enabled on all your online accounts that offer it.
- Recognize & report phishing: Phishing emails, texts, and calls are the number one way data gets compromised. Unsolicited emails, texts, or calls asking for personal information should always be treated as suspicious and investigated through a trusted channel (not by responding to the message) for their legitimacy before any response or personal information is given.
- Update software: Regularly check that your software is up-to-date to ensure you have the latest security patches and updates on your devices.
These individual steps make a collective impact on keeping shared systems more secure. Beyond these everyday cyber hygiene practices, the government is working on ways to help citizens become more cyber-aware year-round.
In July, the White House launched the "U.S. Cyber Trust Mark" program, which will label cyber-secure smart devices to help Americans more easily choose devices that are less vulnerable to cyberattacks. Devices receiving the cybermark will have met established cybersecurity criteria published by the National Institute of Standards and Technology, including requiring unique and strong passwords, data protections, software updates, and incident detection capabilities.
Products slated to be evaluated to receive the trust mark are smart fitness trackers, baby monitors, refrigerators, microwaves, televisions, home thermostats, and more. This labeling program is expected to be up and running in 2024.
The cybersecurity skills gap continues to be a huge concern for organizations. A recent survey found that 57% of organizations surveyed indicated that the biggest barrier to achieving their security posture was not having enough security personnel.
The Biden administration has issued the National Cyber Workforce and Education Strategy (NCWES) to address immediate and long-term cyber workforce needs. The strategy details ways to:
- Improve the foundational cyber skills of every American
- Transform cyber education, making it more accessible and affordable
- Adopt a skills-based approach to recruitment for cyber jobs
- Better communicate the benefits of a public service career among cyber-skilled workers
Efforts are already underway, with the National Science Foundation investing over $24 million in CyberCorps: Scholarship for Service awards over the next four years. The Department of Labor is also awarding $65 million in grants to 45 US states and territories to develop and scale registered apprenticeship programs in cybersecurity.
GovEvents and GovWhitePapers are great resources for staying on top of the latest cybersecurity trends and efforts across government.
- Using Data to Fortify Network Defenses (October 3, 2023; webcast) - This event will look at CISA's Continuous Diagnostics and Mitigation (CDM) program, detailing the impact of issues such as visibility and scalability, identifying the metrics used to measure the effectiveness of CDM tools in mitigating cyber risks, and reviewing the components and tools that have been added to the program.
- Uniting Women in Cyber (October 3, 2023; Arlington, VA) - Hear from world-class leaders who will discuss the National Security agenda, modern-day cyber warfare, and diversity in the workplace.
- Cybersecurity Summit 2023 (October 4, 2023; Reston, VA) - The summit will address several of the critical infrastructure sectors on what is being done to mitigate the risk and protect the security of our nation.
- Unlocking Potential: Addressing Talent Shortages in Cybersecurity (October 5, 2023; webcast) - Join a deep dive into what cyber leads get wrong when it comes to hiring, and how to think differently about the future of cybersecurity talent.
- OODAcon 2023 - Future Now! (October 25, 2023; Reston, VA) - This event brings together the hackers, thinkers, strategists, disruptors, leaders, technologists, and creators with one foot in the future to discuss the most pressing issues of the day and provide insight into the ways technology is evolving.
- Three Actions Driving Cybersecurity Modernization (white paper) - This publication discusses actions that are critical to changing the government's approach to cybersecurity. These include how to detect and analyze cyber threats, the Software Bill of Materials, and non-technical ways to mitigate cyber risks.
- Analyzing Cybersecurity Definitions for Non-experts (white paper) - There is no standard definition for cybersecurity, with current definitions often being technically complex and targeted at practitioners and academics. However, non-experts (those who do not have security expertise) need an understandable definition to provide a foundation for applying cybersecurity concepts. This paper takes an initial step towards developing guidance on how to define and describe cybersecurity to non-experts.