GovLoop

The 2024 Cyber Agenda: Urgency Drives Innovation

In the past three years, the federal government has increased its efforts to advance cybersecurity technology and strategy. The Biden administration laid out its agenda in the May 2021 Executive Order on Improving the Nation’s Cybersecurity (EO), then offered a more sweeping vision in the March 2023 National Cybersecurity Strategy.

Although cyber innovations will come largely from industry and academia, the federal government is attempting to bolster those efforts by offering technical guidance best practices, spearheading public/private collaboration and, in some cases, making financial investments.

Here are some key issues on the current cyber agenda.

********************************

Strengthen Software Supply Chain Security

WHAT’S AT STAKE

Whether developed in-house or procured from the commercial market, every major application includes countless open source and commercial software components. The problem is that agencies often can’t identify all those components or their source, i.e., the software supply chain. Subsequently, an application might contain numerous vulnerabilities that might not be discovered until it’s too late. For example, in 2021, malicious actors exploited a vulnerability in Log4j, a popular open source component, to infiltrate systems across the public and private sectors.

WHAT’S BEING DONE

The Biden administration has made software supply chain security a pillar of its efforts to improve cybersecurity nationwide and in the federal government. These are some current initiatives:

********************************

Reverse the Gains of Ransomware Gangs

WHAT’S AT STAKE

Ransomware continues to bedevil the public sector, with hackers targeting organizations that deliver essential services such as public safety, hospitals, schools and local government. Often, when organizations refuse to pay up, hackers retaliate by dumping the data on the web. That is how it played out for Oakland, California, which was the victim of an attack in early 2023. Eventually, city employees, whose data was exposed, filed a class-action lawsuit against the city.

WHAT’S BEING DONE

The federal government is working with organizations across the public and private sectors to undermine ransomware gangs. Here are some current initiatives:

********************************

Close the Cyber Workforce Gap

WHAT’S AT STAKE

Even as the global cyber workforce is now larger than ever, “the demand for skills still far exceeds the supply,” according to a November 2023 study by ISC2, an association for cybersecurity professionals. That gap means federal agencies face stiffer competition for cyber talent: More than half say staffing challenges make it difficult to improve their response to cybersecurity incidents, according to a December 2023 report from the Government Accountability Office.

WHAT’S BEING DONE

The Biden administration plans to explore ways to expand the capacity of two cyber workforce programs that have proven effective so far:

********************************

Prepare for Quantum-Era Hackers

WHAT’S AT STAKE

The race is on: Can researchers develop encryption tools that can withstand attack by quantum computers before quantum computers enter the mainstream? Mathematics is the key. Current encryption approaches work because to crack them, you need to solve complex mathematical equations that are beyond traditional computers’ power. But quantum computers are expected to provide enough firepower to crack many widely used encryption algorithms. It’s an “emperor has no clothes” scenario.

WHAT’S BEING DONE

The federal government, which is leading the advancement of quantum computing, is accelerating efforts to develop what has been dubbed post-quantum cryptography (PQC). Here are some of the initiatives underway:

********************************

Above all, the Biden administration believes the federal government can drive advances in cybersecurity by leading by example. “The private sector should follow the government’s model in preparing its own network and systems for our postquantum future,” states the National Cybersecurity Strategy.

This article appeared in our guide, “The 2024 Cyber Agenda.” To learn more on the cyber outlook for the coming year, download it here:

Image by CoolVid-Shows from Pixabay
Exit mobile version