Each October, the Cybersecurity & Infrastructure Security Agency and theNational Cybersecurity Alliance lead the cybersecurity community in an educational campaign around the impact of cybersecurity breaches and best practices to prevent them. Cybersecurity Awareness Month was created to raise awareness about the importance of cybersecurity among individual citizens and companies alike. As exemplified by the theme, "Do Your Part. #BeCyberSmart," the campaign serves to remind us that everyone has a role in ensuring the security of data and systems.
Events, educational materials, videos, blogs, and more will be produced throughout the month by a variety of government entities, non-profits, and commercial organizations to illustrate this shared responsibility. To organize the vast amounts of information, the month is divided into themed weeks with a focus on the threat of phishing and a push to increase interest in cybersecurity careers:
With a number of high-profilesecurity hacks involving widely used software, government agencies are retraining their focus on their organization's security measures and those of the vendors and service providers that work with them. This shift in focus was actually on the rise before the recent hacks in anticipation of cyberattacks just like the ones we've recently seen.
In January of 2020, the Defense Department implemented the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. Contractors have always been held responsible for implementing and documenting their IT systems' security that touch sensitive government data. Under CMMC, this continues, but adds the need for a third party to assess the contractor's compliance.
House Intelligence Committee Chairman Mike Rogers said Oct. 1 he would like to see the United States go on the offensive in cyberspace more than it does, but that there is not a clear understanding across government of what an offensive policy entails.
The Michigan Republican said the Pentagon, the intelligence community and law-enforcement agencies must agree on attack protocols in the event Washington goes on the offensive in cyberspace.
"We haven't coordinated that policy," he told reporters after his appearance at a Washington Post-hosted conference. "We have disparate levels of cyber offensive capability across the federal government. ... Some are fantastic, some not so good and then [there are] some in the middle."