Is US Cyber Security Actually Improving?

Uploaded on 2022-02-04 in TECHNOLOGY--Resilience, GOVERNMENT-National, FREE TO VIEW

The US Government has announced new measures to boost cyber security within federal agencies following increased cyber attacks on private and public US infrastructure. It is one of the Biden administration’s biggest efforts yet to secure the computer networks on which the government relies to conduct business.

The aim is to make federal agencies tighten their cyber security controls after a number of hacks have taken place against government and private infrastructure in the last two years. 

The White House said in a statement that the "growing threat of sophisticated cyber attacks has underscored that the Federal Government can no longer depend on conventional perimeter-based defenses to protect critical systems and data." Under the strategy, federal employees will need to sign on to agency networks using multiple layers of security and agencies will have to do a better job of protecting their internal network traffic from hackers. The strategy gives agencies until the end of the 2024 fiscal year to meet these benchmarks and others.

This change was partially created by the 2020 spying campaign, alleged y by Russian hackers, that infiltrated several US agencies, which went undetected for  months. The hackers tampered with software made by federal contractor SolarWinds and others, to get into the unclassified networks of the Departments of Justice, Homeland Security and other government networks.

This strategy which will be released by the Office of Management and Budget, came from a cyber security executive order that President Biden signed last May after there were breaches in federal networks and a ransomware attack on a major US pipeline operator.

The strategy seeks to apply a cyber security concept known as "zero trust," which is popular at big corporations, to the federal government. "Zero trust" dictates that no computer user or system inside or outside an organisation is inherently trusted. 

Continuous security checks are needed to ensure that hackers aren't impersonating someone, and systems should be isolated when possible to keep malicious code from spreading.  

One aspect of the strategy is a requirement that agencies have a "complete inventory" of every electronic device on their networks. "This strategy is a major step in our efforts to build a defensible and coherent approach to our federal cyber defenses," National Cyber Director Chris Inglis said in a statement.

The new strategy requires federal officials to use several layers of security when they sign on to agency networks, and it requires agencies to boost internal network protection through various methods, such as inviting independent experts to assess levels of security.

The White House:       NBC:      CNN:      The Hill:       Eminetra:     

You Might Also Read: 

The End Of The American Cyber Empire:

 

« Cyber Criminals Frustrated By Russian Crypto Currency Rules
News Corp. Journalists Hacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

Markel International

Markel International

Markel International is an international insurance company which looks after the commercial insurance needs of businesses. Specialist services include Cyber Risk insurance.

Integrity360

Integrity360

Integrity360 provide fully managed IT security services as well as security testing, integration, GRC and incident handling services.

Cloudbric

Cloudbric

Cloudbric is a cloud-based web security service, offering award-winning WAF, DDoS protection, and SSL, all in a full-service package.

Cyber Exchange

Cyber Exchange

Cyber Exchange provides a focal point for UK organisations connected with, or with an interest in, cyber security to connect, engage and collaborate.

Ethoca

Ethoca

Ethoca is a secure network for card issuers and merchants to connect and work cooperatively outside the payment network in a unique and powerful way.

NSO Group

NSO Group

NSO Group develops technology that enables government intelligence and law enforcement agencies to prevent and investigate terrorism and crime.

CultureAI

CultureAI

CultureAI deliver intelligent cyber security awareness education and tools that build resilient security cultures where employees help defend.

CIRISK

CIRISK

CIRISK offers a wide range of services from consulting to audit or project management to help you develop your cyber security or information security strategy.

CPP Group UK

CPP Group UK

CPP Group UK develops products to help insurers add further value to their products and services through its innovative suite of new products in FinTech, InsurTech and cyber security.

BLUECYFORCE

BLUECYFORCE

BLUECYFORCE is the leading professional training and cyber defense training organization in France.

Finosec

Finosec

Finosec's mission is to change the way information security and cybersecurity are managed in banking.

Regulativ.ai

Regulativ.ai

Regulativ.ai is an innovative and comprehensive platform, driven by AI, to address the regulatory and compliance needs of Cyber Security Regulatory compliance and reporting.

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.

Databarracks

Databarracks

Databarracks deliver award winning IT resilience and continuity services. We help organisations get the most out of the cloud and protect their data, wherever it lives.

WBM Technologies

WBM Technologies

WBM Technologies is a Western Canadian leader in the provision of outcomes-driven information technology solutions.