Securing information and infrastructure is among the highest national security priorities. In recent months and years, we have continued to see escalating sophistication and frequency of attacks by malicious actors and nation-states. In response, leaders are taking action. Executive Order 14028 has focused both the Federal government and the private sector on aligning to strengthen our nation’s cyber posture. New mandates such as the OMB’s Federal Zero Trust Architecture Strategy M-22-09 and OMB’s implementation of agency integration of NIST Software Supply Chain Security Guidance are driving focus. Spending levels are at an all-time high, both in the funding poured into cybersecurity companies to innovate on new solutions, which more than doubled in 2021, and in the 2023 Federal Government budget request, where cyber spending exceeds any prior budget at $22 billion (defense, civilian).

It is a huge undertaking that requires the collaboration of security experts in our agencies and from the ecosystem of industry security companies. The focus is to help federal agencies address one of the most pressing national security priorities of our time. Simply put, our “common mission” needs to be helping the U.S. government reinforce its defenses against increasingly sophisticated and persistent threat campaigns. That includes helping agencies progress and accelerate their zero trust journey and focusing on the nation’s significant skills gap. Many agencies have made significant investments in technology that are not yet fully exploited to serve their intended purposes. While innovations in technology are part of the solution, an equally important and perhaps harder-to-change element is the people, culture, and leadership alignment to the security priorities. These are the issues we are collectively tackling every day.

Cybersecurity is a team sport. Many companies aim to be great teammates on the field. There has to be an investment not only in solutions but in the cyber community itself. Important public/private partnership initiatives are also helping in the fight, aiming to bring the best of industry knowledge together with the critical guidance of the U.S. government on cyber issues, including:

  • CISA’s Joint Cyber Defense Collaborative (JCDC), announced last year, leads the development and implementation of joint cyber defense plans and operations to enhance cyber resilience. Today it includes 21 private sector alliance members. Continuing its ongoing information-sharing partnership with CISA, IBM joined JCDC in January for threat intelligence sharing for greater situational awareness and preparedness. As stated in the JCDC fact sheet, dated March 2022, “Simply put, the work of the JCDC is about seeing the dots, connecting the dots, and collectively driving down risk to the nation at scale.”
  • NIST is driving numerous important initiatives, including an end-to-end zero trust reference architecture to help industry and government reduce the risk of cyber attacks, and post-quantum cryptographic algorithms for future industry standardization. There are currently 22 vendors working on the zero trust reference architecture industry guidance, which will offer practical steps for implementing a zero trust architecture for several use cases. Recently, NIST announced the selection of four cryptographic algorithms. The IBM Research team worked for years with NIST on developing three of those standards, in collaboration with a number of industry and academic partners.
  • In August 2021, President Biden met with private sector and education leaders to discuss the whole-of-nation effort to address cybersecurity threats. The Biden administration and these leaders announced ambitious initiatives to bolster the nation’s cybersecurity. IBM’s CEO Arvind Krishna shared five key commitments and initiatives, outlined in a LinkedIn article, “The Time to Prioritize Cybersecurity is Now.”

Helping the broader community address a well-recognized talent shortage is another important area of focus for cybersecurity industry leaders. As an industry leader, IBM is committed to addressing the cyber skills gap by investing in education and the workforce and by focusing efforts on untapped, diverse resources such as the Historically Black Colleges & Universities (HBCU) and Minority-Serving Institutions (MSI) communities.

IBM and others continue to think about how we can do more to help in the fight to improve the cyber posture of our nation. We look forward to the continued journey together.

For more information on how IBM can help, check out our new Cybersecurity in US Federal landing page, which we will continue to update with news. To learn about accelerating zero trust plans and adoption, listen to this webinar.
