Is US Cyber Security Actually Improving?

Uploaded on 2022-02-04 in TECHNOLOGY--Resilience, GOVERNMENT-National, FREE TO VIEW

The US Government has announced new measures to boost cyber security within federal agencies following increased cyber attacks on private and public US infrastructure. It is one of the Biden administration’s biggest efforts yet to secure the computer networks on which the government relies to conduct business.

The aim is to make federal agencies tighten their cyber security controls after a number of hacks have taken place against government and private infrastructure in the last two years. 

The White House said in a statement that the "growing threat of sophisticated cyber attacks has underscored that the Federal Government can no longer depend on conventional perimeter-based defenses to protect critical systems and data." Under the strategy, federal employees will need to sign on to agency networks using multiple layers of security and agencies will have to do a better job of protecting their internal network traffic from hackers. The strategy gives agencies until the end of the 2024 fiscal year to meet these benchmarks and others.

This change was partially created by the 2020 spying campaign, alleged y by Russian hackers, that infiltrated several US agencies, which went undetected for  months. The hackers tampered with software made by federal contractor SolarWinds and others, to get into the unclassified networks of the Departments of Justice, Homeland Security and other government networks.

This strategy which will be released by the Office of Management and Budget, came from a cyber security executive order that President Biden signed last May after there were breaches in federal networks and a ransomware attack on a major US pipeline operator.

The strategy seeks to apply a cyber security concept known as "zero trust," which is popular at big corporations, to the federal government. "Zero trust" dictates that no computer user or system inside or outside an organisation is inherently trusted. 

Continuous security checks are needed to ensure that hackers aren't impersonating someone, and systems should be isolated when possible to keep malicious code from spreading.  

One aspect of the strategy is a requirement that agencies have a "complete inventory" of every electronic device on their networks. "This strategy is a major step in our efforts to build a defensible and coherent approach to our federal cyber defenses," National Cyber Director Chris Inglis said in a statement.

The new strategy requires federal officials to use several layers of security when they sign on to agency networks, and it requires agencies to boost internal network protection through various methods, such as inviting independent experts to assess levels of security.

The White House:       NBC:      CNN:      The Hill:       Eminetra:     

You Might Also Read: 

The End Of The American Cyber Empire:

 

« Cyber Criminals Frustrated By Russian Crypto Currency Rules
News Corp. Journalists Hacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

it-sa 365

it-sa 365

it-sa 365 is a digital platform for connecting IT security vendors and experts with those who bear responsibility for IT security in management and technology.

DTS Solution

DTS Solution

DTS Solution delivers advanced cyber security solutions through is technology partnerships with industry leading security vendors and advanced consulting services.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

SaltStack

SaltStack

SaltStack develops award-winning intelligent IT automation software. We help businesses more efficiently secure and manage all aspects of their digital infrastructure.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

SecureStack

SecureStack

SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing those developers to become security experts.

Stratum Security

Stratum Security

Stratum Security is an information security consulting company that focuses on providing clear and concise risk guidance to its clients through high quality assessment services.

Componolit

Componolit

Componolit GmbH is a highly specialized company with a strong emphasis on trustworthy software, component-based systems and formal verification.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

Appsec Phoenix

Appsec Phoenix

Appsec Phoenix is an end to end vulnerability management platform that focuses on workflows, threat feed, and real time data.

Zyston

Zyston

Zyston's solutions provide end-to-end management of your cybersecurity needs. Our range of services help protect your business where it needs it the most.

Primary Guard

Primary Guard

Primary Guard provides IT solutions and computing technologies that help minimize impact from cyber threats, improve business efficiency and maintain essential functions during or after a disaster.

Gilsbar

Gilsbar

For more than half a century, Gilsbar has offered insurance service solutions and support for businesses and their employees.

Nokod Security

Nokod Security

Nokod Security delivers an application security platform for low-code / no-code custom applications and Robotic Process Automation (RPA).

CelcomDigi

CelcomDigi

CelcomDigi aspire to be Malaysia’s top Telco-Tech company, transforming beyond core connectivity to lead digitalization and innovation as part of nation-building.

Black Alps

Black Alps

Black Alp's mission is to promote cybersecurity through the organization of dedicated events.