Securing information and infrastructure is among the highest national security priorities. In recent months and years, we continue to see an escalating sophistication and frequency of attacks by malicious actors and nation-states. In response, leaders are taking action. The Executive Order 14028 has focused both the Federal government and the private sector on aligning to strengthen our nation’s cyber posture. New mandates such as the OMB’s Federal Zero Trust Architecture Strategy M-22-09 and OMB’s implementation of agency integration of NIST Software Supply Chain Security Guidance are driving focus. Spending levels are at an all-time high — both in terms of the funding poured into cybersecurity companies to innovate on new solutions, which more than doubled in 2021 and in the 2023 Federal Government budget request where cyber spending exceeds any prior budget at $22 billion (defense, civilian).
It is a huge undertaking that requires the collaboration of security experts in our agencies and from the ecosystem of industry security companies. The focus is to help federal agencies address one of the most pressing national security priorities of our time. Simply put, our “common mission” needs to be helping the U.S. government reinforce its defenses against increasingly sophisticated and persistent threat campaigns. That includes helping agencies progress and accelerate their zero trust journey and focusing on the nation’s significant skills gap. There has been a significant investment in technology by many agencies that are not yet fully exploited to serve their intended purposes. While innovations in technology are part of the solution, an equally important and perhaps harder to change element is the people, culture, and leadership alignment to the security priorities. These are the issues we are collectively tackling every day.
Cybersecurity is a team sport. Many companies aim to be great teammates on the field. There has to be an investment not only in solutions but in the cyber community itself. There are important public/private partnership initiatives also helping in the fight that aims to bring the best of industry knowledge together with the critical guidance of the U.S. government on cyber issues including:
- CISA’s JCDC, Joint Cyber Defense Collaborative, announced last year, which leads the development and implementation of joint cyber defense plans and operations to enhance cyber resilience. Today it includes 21 private sector alliance members. Continuing its ongoing information-sharing partnership with CISA, IBM joined JCDC in January for threat intelligence sharing for greater situational awareness and preparedness. As stated in the JCDC fact sheet, dated March 2022, “Simply put, the work of the JCDC is about seeing the dots, connecting the dots, and collectively driving down risk to the nation at scale.”
- NIST is driving numerous important initiatives, including an end-to-end zero trust reference architecture to help industry and government reduce the risk of cyber attacks and post-quantum cryptographic algorithms for future industry standardization. There are currently 22 vendors working on the Zero Trust reference architecture industry guidance that will offer practical steps for implementing an architecture for zero trust for several use cases. Recently, NIST announced the selection of four cryptographic algorithms. IBM Research team worked for years with NIST on developing three of those standards, in collaboration with a number of industry and academic partners.
- In August 2021, President Biden met with private sector and education leaders to discuss the whole-of-nation effort to address cybersecurity threats. The Biden administration and these leaders announced ambitious initiatives to bolster the nation’s cybersecurity. IBM’s CEO Arvind Krishna shared five key commitments and initiatives, outlined in a LinkedIn article, “The Time to Prioritize Cybersecurity is Now.”
Helping the broader community address a well-recognized talent shortage is another important area of focus for cybersecurity industry leaders. As an industry leader, IBM is committed to addressing the cyber skills gap by investing in education and the workforce and focusing efforts on untapped diverse resources like the Historically Black College & Universities (HBCU) and Minority-Serving Institutions (MSI) communities.
IBM and others continue to think about how we can do more to help in the fight for improving the cyber posture of our nation. We look forward to the continued journey together.
For more information on how IBM can help, check out our new Cybersecurity in US Federal landing page, which we will continue to update and share news. To learn about accelerating zero trust plans and adoption, listen to this webinar.
Vice President, IBM Security Federal