As 2023 draws to a close, it’s time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level.
These stories highlight the challenges federal agencies faced in securing digital infrastructure in the past year and explore the evolving nature of cyber threats, as well as the innovative responses required to address them.
New White House cybersecurity strategy
The White House’s National Cybersecurity Strategy represents a decisive shift in the U.S. approach to cybersecurity. This 35-page document details the government’s plan to strengthen cyber defenses, focusing on reducing the burden on end-users, small businesses and local governments. The strategy proposes shifting software security liability to larger corporations, a move that has sparked discussions in the cybersecurity community. Finally, it prioritizes protecting critical infrastructure, like public water systems, from cyberattacks while preparing for emerging threats from quantum computing and AI.
NIST evolved for risk management
The NIST Cybersecurity Framework 2.0 (CSF) is evolving to meet the challenges of modern risk management, aligning with the Biden Administration’s National Cybersecurity Strategy. This update emphasizes improved risk management strategies, which are crucial in today’s cybersecurity landscape. The framework introduces a new ‘govern’ function, focusing on policies, procedures and team roles in cybersecurity risk management. It also expands guidelines on supply chain security, reflecting broader government initiatives. The CSF 2.0 continues to grow, addressing emerging threats like generative AI while striving for a cohesive U.S. cybersecurity approach across government and private sectors.
NSA’s best practices for home networks
The hybrid workplace is here to stay, and since home networks are central to our personal and professional lives, their security is paramount. The National Security Agency (NSA) emphasizes this shift in their latest best practices for securing home networks, highlighting the risks posed by cyber criminals. Bad actors often target home networks as gateways to larger corporate systems, especially through remote workers. The NSA’s guidelines focus on two key areas: technical upgrades to network hardware and software and behavioral changes to enhance online safety. By following the guidelines, individuals can mount a defense against breaches, keeping their personal data and professional integrity intact.
White House continues cybersecurity push
The Biden Administration’s National Cybersecurity Strategy Implementation Plan (NCSIP) marks a significant advancement in the United States’ approach to cybersecurity. Managed by the White House’s Office of the National Cyber Director, the plan has been well-received by cybersecurity experts for its clarity and actionable goals. It outlines over 65 federal initiatives to enhance cybersecurity, assigning specific tasks and deadlines to 18 federal agencies. The NCSIP is structured around five core pillars: defending critical infrastructure, disrupting threat actors, shaping market forces for security and resilience, investing in a resilient future and forging international partnerships. The comprehensive plan represents a groundbreaking shift in the U.S. government’s allocation of roles, responsibilities and resources in cyber, emphasizing long-term investments in cybersecurity and a coordinated effort across federal agencies.
The White House on managing AI
President Biden’s executive order on Artificial Intelligence (AI), issued on October 30, 2023, takes a significant step in the regulation and advancement of AI technology. The order aims to protect the American public from any negative side effects of AI’s rapid and expansive development. It outlines ambitious goals, including setting new AI safety and security standards, protecting privacy, advancing equity and civil rights and promoting innovation and competition. The order has also sparked debate over its sufficiency and potential impact on America’s AI leadership. While it emphasizes labeling AI-generated content, supporting the American workforce and promoting innovation, critics argue it lacks enforceable mandates and detailed implementation strategies. Ultimately, the executive order is seen as an initial step in a longer journey.