Recent high-profile public and private sector cyberattacks targeting the Colonial Pipeline, JBS Foods’ U.S.-based beef plants, a Florida water treatment facility, and Okta are putting pressure on the U.S. federal government to strengthen the country’s cybersecurity infrastructure.
The increasing number of incidents, including ransomware attacks, is “one of the most serious economic and national security threats our nation faces,” according to the Cybersecurity and Infrastructure Security Agency (CISA).
The FBI’s Internet Crime Complaint Center received 2.76 million reported complaints about cyberattacks from 2017 to 2021, with $18.7 billion in total losses. The attacks were so prevalent that the FBI issued a warning to organizations involved in mergers and acquisitions and other significant financial events.
Now in the wake of all this, the federal government is making a significant push to minimize its cybersecurity attack surface.
The Biden administration issued an executive order last year that included several actions, among them one urging federal agencies to adopt higher cybersecurity standards through Zero Trust architecture. The executive order also included improving information sharing between private sector organizations and government agencies.
Federal agencies are rolling out their guidance around cybersecurity. The Department of Defense, for example, will outline 90 capabilities to achieve “targeted zero trust” that’ll eventually be implemented in each of the military services and agencies.
Jen Easterly, CISA director, earlier this year encouraged city officials to make cybersecurity “a kitchen-table issue” after the spate of high-profile cybersecurity incidents. CISA also hired cybersecurity advisors for every state.
As part of National Cybersecurity Awareness Month, we’re highlighting what some of these actions are — and how they may potentially impact organizations and government agencies.
CIRCIA, which became law in 2022, aims to provide the federal government with visibility into the frequency of attacks on U.S. critical infrastructure. The law also looks at which sectors are most at risk and what the impact of those attacks is. The Request for Information is seeking specifics on topics, like:
The Departments of Energy, Commerce, Health, Justice, Treasury, Transportation, and State are all expected to receive a significant increase in cybersecurity funding.
The government’s mission relies on inherently complex data, from tracking medical equipment at disparate Veterans Affairs facilities, to measuring every function on a Navy destroyer, to supporting individuals and organizations alike during tax season.
And it’s a lot.
Government IT and security teams spend countless hours collecting data to satisfy security compliance regulations. Just take the CDM Security Capability, for example. It mandates agencies continually monitor hardware and software assets, and includes guidance on how to manage configuration settings and various other vulnerabilities.
Time and resources are crucial. Now that the federal government is renewing its focus on having government agencies and organizations strengthen their cybersecurity infrastructure, the pressure is on. And this is where cybersecurity asset management comes in.
Cybersecurity asset management platforms track all devices, cloud services, software, and users no matter where they’re located. All of this helps minimize the attack surface.
The top platforms like Axonius — which is an officially listed CDM tool — do this by leveraging existing IT and security tools. These platforms discover managed and unmanaged assets, enabling teams to continually conduct up-to-date inventory in real time. They provide IT and security professionals with the capability to automatically validate security controls and discover security gaps. Teams can customize triggered actions when an asset or user deviates from policies.
The best platforms provide comprehensive asset visibility to strengthen Zero Trust architectures. Teams can initiate and manage their asset inventory tasks in the background, effectively moving away from repetitive, manual tasks to become even more proactive.
“Culture is the foundation for any high-performing team. We all process information differently, we listen differently. We come from different backgrounds and experiences. No matter who you are, I want to know that. I want to understand what makes you you and treat you the way you want to be treated, not how I project myself onto you.”
— Jen Easterly, director, Cybersecurity and Infrastructure Security Agency (CISA)
“[Create an environment] where people can understand when they can take time off and not feel like everything is going to fall apart. [Where] they have a plan for their career and how they’re going to grow. [Where] they have time to be with their friends and family enough not to be burned out.”
— Deidre Diamond, founder and CEO of CyberSN and Security Diversity
“Actively invite engagement, listen with purpose, and look for signs of burnout. You can't expect everyone to feel equally comfortable expressing an opinion, and so it's important to solicit feedback at times as opposed to always passively expecting it. When you are getting engagement, listen with purpose. Make an effort to not only hear what's being said, but understand and empathize. Lastly, look for signs of burnout. … If you're noticing signs of burnout on the team, look for ways to intervene, like ensuring adequate team resourcing/load balancing to create a healthy work/life balance for everyone, and that team members are able to take PTO.”
— Daniel Trauner, senior director of security, Axonius
“We need an environment where failure is not only tolerated, but an understood aspect of innovation. Our attackers are failing forward every single day, [and] we deserve the ability to do the same if we are going to protect our people, data, and organizations.”
— Chris Cochran, co-founder at Hacker Valley Media and creative director at Axonius