White House reports on federal cybersecurity progress

The federal government is hosting discussions this month on how to develop cybersecurity labels for routers, home cameras and other consumer IoT devices. The goal is to help buyers understand how safe the products really are. Also on the federal cyber agenda for October: meeting with international partners on anti-ransomware efforts.

The White House announced these and other initiatives in an October 11 fact sheet.

The document addresses many of the goals that President Joe Biden set out in his May 2021 Executive Order on National Cybersecurity. He reviewed US progress in efforts such as strengthening federal best practices, growing the cyber workforce, and advancing quantum-resistant encryption research.

IOT SECURITY LABELS

President Biden’s May 2021 Executive Order on “Improving the Nation’s Cybersecurity” called for giving the public more control over their exposure to risk, by marking consumer IoT products with labels indicating how offers are cyber-secure.

The White House now plans this month to bring together private companies, associations and government entities to discuss how to develop such marking. The ultimate goal is “a common label for products that meet US government standards and are tested by vetted and approved entities,” yesterday’s fact sheet said.

FIGHT AGAINST RANSOMWARE INTERNATIONALLY

Along with Biden’s executive order, May 2021 also brought an influential ransomware report. The Ransomware Task Force coordinated by the Institute for Security and Technology (IST) has released a report detailing the global nature of the ransomware ecosystem and recommending actions to combat the threat.

About a year and a half later, the White House fact sheet tracks progress. Among the highlights: The International Counter-Ransomware Initiative (CRI), which the federal government launched in 2021 to stimulate international collaboration and which meets again from October 31 to November 31. 1.

Federal actors have also sought to make cyber extortion less profitable and more painful by disrupting the flow of ransoms and adopting stronger responses. It sanctioned several cryptocurrency mixers commonly used by ransomware actors, extradited and imprisoned some individual perpetrators, and sanctioned cyber actors suspected of involvement in the SolarWinds attack, the fact sheet notes.

The United States has also turned to international partners to address other cybersecurity issues. This includes efforts to establish and enforce cyber standards, which the White House says it has supported by criticizing and “imposing[ing] costs” on Iran when the government crossed the line by launching cyberattacks against the Albanian government. The White House also highlighted “a new virtual rapid response mechanism at NATO to ensure that Allies can offer each other effective and efficient support in response to cyber incidents.”

GOVERNMENT SECURITY, CRITICAL INFRASTRUCTURE

The federal government has also sought to secure its own home, requiring multi-factor authentication on all of its systems — something promised as part of May’s executive order — and creating a strategy to embrace zero trust.

New requirements have also limited federal agencies to only sourcing software with security features. The move is to protect the government and incentivize vendors to elevate all of their products to this level, regardless of customer base.

Funding such as the State and Local Cybersecurity Grant Program, meanwhile, should help other levels of government strengthen their cybersecurity postures.

The White House has also touted efforts to reach beyond the public sector. This includes promoting basic cyber hygiene and understanding threats among the private entities that own and operate much of the country’s critical infrastructure. So far, this has been seen in the banking, health, transport and water sectors.

BUILDING THE FUTURE: WORKFORCE AND RESEARCH

The shortage of cyber talent remains a pressing issue and is among the concerns of state CISOs, according to a NASCIO report released this week. The White House said it is working to strengthen the workforce, with the goal of creating more pathways to cyber jobs and bringing more diversity to the field. A 120-day cybersecurity learning sprint launched in July 2022 aims to support these efforts.

The federal government has also “more than doubled” its investment in quantum research and development, in an effort to stay competitive in space and stay ahead of threats. This includes efforts to develop and deploy forms of cryptography designed to resist cracking by any future quantum computer.

Leave a Reply