The release of the National Cybersecurity Strategy in March was just one of several efforts in 2023 to put government agencies on better cyber footing. But the year also featured numerous incidents that reminded everyone why things need to change. Here is a sampling of the big headlines.
January
The Justice Department reveals that the FBI covertly infiltrated the Hive ransomware group in a monthslong effort to thwart $130 million in ransom demands by providing victims with encryption keys.
February
The U.S. Marshals Service suffers a security attack targeting sensitive information that an agency unit that tracks fugitives maintains.
March
The Defense Department publishes a strategy for departmentwide cyber workforce management, including the use of standardized workforce analysis tools and processes.
The White House releases the National Cybersecurity Strategy, laying out a plan to create a “safe and secure digital ecosystem for all Americans.”
April
The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with multiple U.S. and international organizations, publishes new guidelines for developing systems with security functions built in from the beginning, i.e., secure-by-design/secure-by-default.
The National Institute of Standards and Technology previews forthcoming guidance on post-quantum cryptography, that is, encryption methods that emerging quantum computers can’t crack.
May
City employees sue Oakland, Calif., seeking damages after a data breach exposed personal information.
June
Several federal and state agencies are among hundreds of organizations targeted by Russian hackers who exploited a flaw in a common application used to transfer data.
July
The White House publishes the National Cybersecurity Strategy Implementation Plan, identifying more than 65 “high-impact” federal initiatives aimed at making progress on goals detailed in the March strategy.
August
The Defense Advanced Research Projects Agency launches the Artificial Intelligence Cyber Challenge, a two-year competition that offers nearly $20 million in prize money to spur the development of AI-based tools that improve the security of critical infrastructure.
NIST releases a draft of the Cybersecurity Framework 2.0, expanding its scope beyond critical infrastructure and offering and adding cybersecurity guidance.
September
CISA announced a new program through which it will provide local water utilities with free vulnerability scanning of internet-accessible systems.
October
CISA, the National Security Agency and industry partners provided developers and vendors with guidance on strengthening multifactor and single sign-on solutions, noting that “a significant portion of breaches” involve misused or stolen digital identities.
November
A new program from the Office of Personnel Management enables cyber employees to serve temporary assignments at other agencies, providing them with new learning opportunities that also will benefit their home agency.
December
A Pennsylvania town reports that an Iranian cyber group hacked into one of its control stations and shut down a system that monitors water pressure data, while emphasizing the attack posed no risk to the water supply.
Harry Coker, Jr. is confirmed as the National Cyber Director, filling a post left vacant for most of the year.
This article appeared in our guide, “The 2024 Cyber Agenda.” To learn more on the cyber outlook for the coming year, download it here:
Leave a Reply
You must be logged in to post a comment.