Securing information and infrastructure is among the highest national security priorities. In recent months and years, we continue to see an escalating sophistication and frequency of attacks by malicious actors and nation-states. In response, leaders are taking action. The Executive Order 14028 has focused both the Federal government and the private sector on aligning to strengthen our nation’s cyber posture. New mandates such as the OMB’s Federal Zero Trust Architecture Strategy M-22-09 and OMB’s implementation of agency integration of NIST Software Supply Chain Security Guidance are driving focus. Spending levels are at an all-time high — both in terms of the funding poured into cybersecurity companies to innovate on new solutions, which more than doubled in 2021 and in the 2023 Federal Government budget request where cyber spending exceeds any prior budget at $22 billion (defense, civilian).

It is a huge undertaking that requires the collaboration of security experts in our agencies and from the ecosystem of industry security companies. The focus is to help federal agencies address one of the most pressing national security priorities of our time. Simply put, our “common mission” needs to be helping the U.S. government reinforce its defenses against increasingly sophisticated and persistent threat campaigns. That includes helping agencies progress and accelerate their zero trust journey and focusing on the nation’s significant skills gap. There has been a significant investment in technology by many agencies that are not yet fully exploited to serve their intended purposes. While innovations in technology are part of the solution, an equally important and perhaps harder to change element is the people, culture, and leadership alignment to the security priorities. These are the issues we are collectively tackling every day.

Cybersecurity is a team sport. Many companies aim to be great teammates on the field. There has to be an investment not only in solutions but in the cyber community itself. There are important public/private partnership initiatives also helping in the fight that aims to bring the best of industry knowledge together with the critical guidance of the U.S. government on cyber issues including:

  • CISA’s JCDC, Joint Cyber Defense Collaborative, announced last year, which leads the development and implementation of joint cyber defense plans and operations to enhance cyber resilience. Today it includes 21 private sector alliance members. Continuing its ongoing information-sharing partnership with CISA, IBM joined JCDC in January for threat intelligence sharing for greater situational awareness and preparedness. As stated in the JCDC fact sheet, dated March 2022, “Simply put, the work of the JCDC is about seeing the dots, connecting the dots, and collectively driving down risk to the nation at scale.”
  • NIST is driving numerous important initiatives, including an end-to-end zero trust reference architecture to help industry and government reduce the risk of cyber attacks and post-quantum cryptographic algorithms for future industry standardization. There are currently 22 vendors working on the Zero Trust reference architecture industry guidance that will offer practical steps for implementing an architecture for zero trust for several use cases. Recently, NIST announced the selection of four cryptographic algorithms. IBM Research team worked for years with NIST on developing three of those standards, in collaboration with a number of industry and academic partners.
  • In August 2021, President Biden met with private sector and education leaders to discuss the whole-of-nation effort to address cybersecurity threats. The Biden administration and these leaders announced ambitious initiatives to bolster the nation’s cybersecurity. IBM’s CEO Arvind Krishna shared five key commitments and initiatives, outlined in a LinkedIn article, “The Time to Prioritize Cybersecurity is Now.”

Helping the broader community address a well-recognized talent shortage is another important area of focus for cybersecurity industry leaders. As an industry leader, IBM is committed to addressing the cyber skills gap by investing in education and the workforce and focusing efforts on untapped diverse resources like the Historically Black College & Universities (HBCU) and Minority-Serving Institutions (MSI) communities.

IBM and others continue to think about how we can do more to help in the fight for improving the cyber posture of our nation. We look forward to the continued journey together.

For more information on how IBM can help, check out our new Cybersecurity in US Federal landing page, which we will continue to update and share news. To learn about accelerating zero trust plans and adoption, listen to this webinar.

More from Zero Trust

Zero trust data security: It’s time to make the shift

4 min read - How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes your risk whether you like it or not. Organizations of all sizes are increasingly vulnerable to breaches as their attack surfaces continue to grow and become more difficult — if not impossible — to define. Add geopolitical and economic instability…

How zero trust changed the course of cybersecurity

4 min read - For decades, the IT industry relied on perimeter security to safeguard critical digital assets. Firewalls and other network-based tools monitored and validated network access. However, the shift towards digital transformation and hybrid cloud infrastructure has made these traditional security methods inadequate. Clearly, the perimeter no longer exists. Then the pandemic turned the gradual digital transition into a sudden scramble. This left many companies struggling to secure vast networks of remote employees accessing systems. Also, we’ve seen an explosion of apps,…

SOAR, SIEM, SASE and zero trust: How they all fit together

4 min read - Cybersecurity in today’s climate is not a linear process. Organizations can’t simply implement a single tool or strategy to be protected from all threats and challenges. Instead, they must implement the right strategies and technologies for the organization’s specific needs and level of accepted risks. However, once the dive into today’s best practices and strategies begins, it’s easy to quickly become overwhelmed with SOAR, SIEM, SASE and Zero Trust —  especially since they almost all start with the letter S.…

Contain breaches and gain visibility with microsegmentation

4 min read - Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…