Recent high-profile public and private sector cyberattacks targeting the Colonial Pipeline, JBS Foods’ U.S.-based beef plants, a Florida water treatment facility, and Okta are putting pressure on the U.S. federal government to strengthen the country’s cybersecurity infrastructure.
The increasing number of incidents, including ransomware attacks, is “one of the most serious economic and national security threats our nation faces,” according to the Cybersecurity and Infrastructure Security Agency (CISA).
The FBI’s Internet Crime Complaint Center received 2.76 million complaints about cyberattacks from 2017 to 2021, with total losses of $18.7 billion. The attacks were so prevalent that the FBI issued a warning to organizations involved in mergers and acquisitions and other significant financial events.
Now in the wake of all this, the federal government is making a significant push to minimize its cybersecurity attack surface.
The Biden administration issued an executive order last year with several actions, including one urging federal agencies to adopt higher cybersecurity standards through Zero Trust architecture. The executive order also called for improving information sharing between private sector organizations and government agencies.
Federal agencies are rolling out their guidance around cybersecurity. The Department of Defense, for example, will outline 90 capabilities to achieve “targeted zero trust” that’ll eventually be implemented in each of the military services and agencies.
Jen Easterly, CISA director, earlier this year encouraged city officials to make cybersecurity “a kitchen-table issue” after the spate of high-profile cybersecurity incidents. CISA also hired cybersecurity advisors for every state.
As part of National Cybersecurity Awareness Month, we’re highlighting what some of these actions are — and how they may potentially impact organizations and government agencies.
CIRCIA, which became law in 2022, aims to provide the federal government with visibility into the frequency of attacks on U.S. critical infrastructure. The law also looks at which sectors are most at risk and what the impact of those attacks is. The Request for Information is seeking specifics on topics, like:
The Departments of Energy, Commerce, Health, Justice, Treasury, Transportation, and State are all expected to receive a significant increase in cybersecurity funding.
The government’s mission relies on inherently complex data, from tracking medical equipment at disparate Veterans Affairs facilities, to measuring every function on a Navy destroyer, to supporting individuals and organizations alike during tax season.
And it’s a lot.
Government IT and security teams spend countless hours collecting data to satisfy security compliance regulations. Just take the CDM Security Capability, for example. It mandates agencies continually monitor hardware and software assets, and includes guidance on how to manage configuration settings and various other vulnerabilities.
Time and resources are crucial. Now that the federal government is renewing its focus on having government agencies and organizations strengthen their cybersecurity infrastructure, the pressure is on. And this is where cybersecurity asset management comes in.
Cybersecurity asset management platforms track all devices, cloud services, software, and users no matter where they’re located. All of this helps minimize the attack surface.
The top platforms like Axonius — which is an officially listed CDM tool — do this by leveraging existing IT and security tools. These platforms discover managed and unmanaged assets, enabling teams to keep an up-to-date inventory in real time. They provide IT and security professionals with the capability to automatically validate security controls and discover security gaps. Teams can customize triggered actions when an asset or user deviates from policies.
The best platforms provide comprehensive asset visibility to strengthen Zero Trust architectures. Teams can initiate and manage their asset inventory tasks in the background, effectively moving away from the repetitive, manual tasks to be even more proactive.