Light Dark
December 28, 2023 By Mark Stone 3 min read
Government

As 2023 draws to a close, it’s time to look back on our top five federal cyber stories of the year: a compilation of pivotal moments and key developments that have significantly shaped the landscape of cybersecurity at the federal level.

These stories highlight the challenges federal agencies faced in securing digital infrastructure in the past year and explore the evolving nature of cyber threats, as well as the innovative responses required to address them.

New White House cybersecurity strategy

The White House’s National Cybersecurity Strategy represents a decisive shift in the U.S. approach to cybersecurity. This 35-page document details the government’s plan to strengthen cyber defenses, focusing on reducing the burden on end-users, small businesses and local governments. The strategy proposes shifting software security liability to larger corporations, a move that has sparked discussions in the cybersecurity community. Finally, it prioritizes protecting critical infrastructure, like public water systems, from cyberattacks while preparing for emerging threats from quantum computing and AI.

NIST evolved for risk management

The NIST Cybersecurity Framework 2.0 (CSF) is evolving to meet the challenges of modern risk management, aligning with the Biden Administration’s National Cybersecurity Strategy. This update emphasizes improved risk management strategies, which are crucial in today’s cybersecurity landscape. The framework introduces a new ‘govern’ function, focusing on policies, procedures and team roles in cybersecurity risk management. It also expands guidelines on supply chain security, reflecting broader government initiatives. The CSF 2.0 continues to grow, addressing emerging threats like generative AI while striving for a cohesive U.S. cybersecurity approach across government and private sectors.

NSA’s best practices for home networks

The hybrid workplace is here to stay, and since home networks are central to our personal and professional lives, their security is paramount. The National Security Agency (NSA) emphasizes this shift in their latest best practices for securing home networks, highlighting the risks posed by cyber criminals. Bad actors often target home networks as gateways to larger corporate systems, especially through remote workers. The NSA’s guidelines focus on two key areas: technical upgrades to network hardware and software and behavioral changes to enhance online safety. By following the guidelines, individuals can mount a defense against breaches, keeping their personal data and professional integrity intact.

White House continues cybersecurity push

The Biden Administration’s National Cybersecurity Strategy Implementation Plan (NCSIP) marks a significant advancement in the United States’ approach to cybersecurity. Managed by the White House’s Office of the National Cyber Director, the plan has been well-received by cybersecurity experts for its clarity and actionable goals. It outlines over 65 federal initiatives to enhance cybersecurity, assigning specific tasks and deadlines to 18 federal agencies. The NCSIP is structured around five core pillars: defending critical infrastructure, disrupting threat actors, shaping market forces for security and resilience, investing in a resilient future and forging international partnerships. The comprehensive plan represents a groundbreaking shift in the U.S. government’s allocation of roles, responsibilities and resources in cyber, emphasizing long-term investments in cybersecurity and a coordinated effort across federal agencies.

The White House on managing AI

President Biden’s executive order on Artificial Intelligence (AI), issued on October 30, 2023, takes a significant step in the regulation and advancement of AI technology. The order aims to protect the American public from any negative side effects of AI’s rapid and expansive development. It outlines ambitious goals, including setting new AI safety and security standards, protecting privacy, advancing equity and civil rights and promoting innovation and competition. The order has also sparked debate over its sufficiency and potential impact on America’s AI leadership. While it emphasizes labeling AI-generated content, supporting the American workforce and promoting innovation, critics argue it lacks enforceable mandates and detailed implementation strategies. Ultimately, the executive order is seen as an initial step in a longer journey.

 |  |  |  |  |  |  |  |  | 
Mark Stone

More from Government
April 18, 2024

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

January 25, 2024

Updated SBOM guidance: A new era for software transparency?

3 min read - The cost of cyberattacks on software supply chains is a growing problem, with the average data breach costing $4.45 million in 2023. Since President Biden’s 2021 executive order, software bills of materials (SBOMs) have become a cornerstone in protecting supply chains.In December 2023, the National Security Agency (NSA) published new guidance to help organizations incorporate SBOMs and combat the threat of supply chain attacks.Let’s look at how things have developed since Biden’s 2021 order and what these updates mean for…

December 8, 2023

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

12 min read - As of December 2023, IBM X-Force has uncovered multiple lure documents that predominately feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor. The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers. ITG05’s infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign. X-Force tracks ITG05 as…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature