December 28, 2023 By Mark Stone 3 min read

As 2023 draws to a close, it’s time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level.

These stories highlight the challenges federal agencies faced in securing digital infrastructure in the past year and explore the evolving nature of cyber threats, as well as the innovative responses required to address them.

New White House cybersecurity strategy

The White House’s National Cybersecurity Strategy represents a decisive shift in the U.S. approach to cybersecurity. This 35-page document details the government’s plan to strengthen cyber defenses, focusing on reducing the burden on end-users, small businesses and local governments. The strategy proposes shifting software security liability to larger corporations, a move that has sparked discussions in the cybersecurity community. Finally, it prioritizes protecting critical infrastructure, like public water systems, from cyberattacks while preparing for emerging threats from quantum computing and AI.

NIST evolved for risk management

The NIST Cybersecurity Framework 2.0 (CSF) is evolving to meet the challenges of modern risk management, aligning with the Biden Administration’s National Cybersecurity Strategy. This update emphasizes improved risk management strategies, which are crucial in today’s cybersecurity landscape. The framework introduces a new ‘govern’ function, focusing on policies, procedures and team roles in cybersecurity risk management. It also expands guidelines on supply chain security, reflecting broader government initiatives. The CSF 2.0 continues to grow, addressing emerging threats like generative AI while striving for a cohesive U.S. cybersecurity approach across government and private sectors.

NSA’s best practices for home networks

The hybrid workplace is here to stay, and since home networks are central to our personal and professional lives, their security is paramount. The National Security Agency (NSA) emphasizes this shift in its latest best practices for securing home networks, highlighting the risks posed by cyber criminals. Bad actors often target home networks as gateways to larger corporate systems, especially through remote workers. The NSA’s guidelines focus on two key areas: technical upgrades to network hardware and software and behavioral changes to enhance online safety. By following the guidelines, individuals can mount a defense against breaches, keeping their personal data and professional integrity intact.

White House continues cybersecurity push

The Biden Administration’s National Cybersecurity Strategy Implementation Plan (NCSIP) marks a significant advancement in the United States’ approach to cybersecurity. Managed by the White House’s Office of the National Cyber Director, the plan has been well-received by cybersecurity experts for its clarity and actionable goals. It outlines over 65 federal initiatives to enhance cybersecurity, assigning specific tasks and deadlines to 18 federal agencies. The NCSIP is structured around five core pillars: defending critical infrastructure, disrupting threat actors, shaping market forces for security and resilience, investing in a resilient future and forging international partnerships. The comprehensive plan represents a groundbreaking shift in the U.S. government’s allocation of roles, responsibilities and resources in cyber, emphasizing long-term investments in cybersecurity and a coordinated effort across federal agencies.

The White House on managing AI

President Biden’s executive order on Artificial Intelligence (AI), issued on October 30, 2023, takes a significant step in the regulation and advancement of AI technology. The order aims to protect the American public from any negative side effects of AI’s rapid and expansive development. It outlines ambitious goals, including setting new AI safety and security standards, protecting privacy, advancing equity and civil rights and promoting innovation and competition. The order has also sparked debate over its sufficiency and potential impact on America’s AI leadership. While it emphasizes labeling AI-generated content, supporting the American workforce and promoting innovation, critics argue it lacks enforceable mandates and detailed implementation strategies. Ultimately, the executive order is seen as an initial step in a longer journey.
