Products + Services Data Centers Industries Learn About
Even the US government isn’t immune to cyberattacks. Tech giant Microsoft recently discovered another Chinese cyber-espionage campaign, with this one compromising at least 25 organizations. Although details are still coming in, the Department of Commerce appears to be one of the victims.
While the Department of Commerce was able to take immediate action, it’s hoped that the government’s National Cybersecurity Strategy Implementation Plan (NCSIP) will prevent — or at least mitigate potential damage from — future cyberattacks.
Introduced back in March and published July 13, 2023, the NCSIP establishes a vision for how the US allocates roles, responsibilities, and resources for battling cyberattacks and increases incentives for long-term investments into cybersecurity. The plan is designed to ensure transparency and coordination among the federal government’s many agencies in realizing this vision.
This is the first iteration of the NCSIP, which will be updated annually. Eighteen agencies are leading initiatives in the plan.
The Office of the National Cyber Director (ONCD) will coordinate activities, including an annual report to the President and Congress on the status of implementation, and partner with the Office of Management and Budget (OMB) to ensure funding proposals in the President’s Budget Request are aligned with NCSIP initiatives. The government will also continue efforts to strengthen collaboration with the private sector, civil society, international partners, Congress, and state, local, Tribal, and territorial governments.
This includes the Cybersecurity and Infrastructure Security Agency (CISA) taking the lead in updating the National Cyber Incident Response Plan to ensure the government acts in a coordinated manner during a cyber incident.
One of the main initiatives under this pillar is for the FBI to strengthen the capacity of the National Cyber Investigative Joint Task Force (NCIJTF) to coordinate takedown and disruption campaigns with greater speed, scale, and frequency.
This pillar includes an initiative for the CISA to work with stakeholders to move forward with software bill of materials (SBOM) requirements. This will help ensure that all companies in the supply chain providing the US government with software and services are sufficiently protected against cyber-attacks reducing gaps in scale and implementation.
Among the initiatives under this pillar is for the National Institute of Standards and Technology (NIST) to complete the standardization of one or more quantum-resistant public key cryptographic algorithms. In 2022, the NIST selected the first-ever group of encryption tools that could potentially withstand the attack of a quantum computer. They’ll become part of NIST’s post-quantum cryptographic (PQC) standard.
Initiatives under this pillar include the Department of State publishing an International Cyberspace and Digital Policy Strategy that incorporates bilateral and multilateral activities.
A Sixth Section
The NCSIP adds a sixth section not contained in the original strategy — Implementation-wide Initiatives. The two initiatives in this section call for reporting on strategy implementation progress, applying lessons learned from implementing the strategy, and ensuring federal budgetary guidance aligns with the strategy’s implementation. The funding aspect is particularly critical to executing the objectives.
Where the Plan Stands and What’s Missing
Some initiatives, such as the release of the Administration’s Cybersecurity Priorities for the Fiscal Year 2025 Budget, have been completed ahead of schedule. Other activities, such as transmitting the May 26th Department of Defense 2023 Cyber Strategy to Congress, and the June 20th creation of a new National Security Cyber Section by the Justice Department, are key milestones in completing initiatives.
One thing missing from the NCSIP, however, is the topic of cloud security. With the ubiquitousness of the cloud and the many attack vectors it includes, it’s increasingly important to make cloud security a priority at the public, private and government levels. It’s hoped that future iterations of the plan address this.
Your Cybersecurity Strategy
The release of the NCSIP serves as a strong reminder that all organizations need to implement a comprehensive, constantly reviewed, and updated cybersecurity plan. Self-administered or third-party IT security assessments can help identify gaps and needs.
US Signal’s IT security professionals are available to assess and help strengthen your organization’s security posture. Learn about some of our services
here. Or contact us for consultation. Phone: (888) 663-1700 or email: [email protected].
Ever find yourself lost in the sea of acronyms that is today’s tech landscape? Well, strap in, because today we're navigating the choppy waters of SASE and SSE. This isn't just another tech talk; it's your compass to understanding two giants in the network security realm. So, whether you're a tech guru, a business leader [...]
We can't say this enough when it comes to colocation — and data centers in general. Location matters. And if that data center location is in the Midwest, all the better. Sure. With all the advanced networking services and technologies available, even the most tech-dependent businesses and their employees can operate from [...]
Expect to see the cybersecurity landscape continue to change throughout 2024. There will likely be increased regulatory scrutiny at the federal and state levels over the coming year as government authorities seek to encourage prompt, accurate, and complete disclosure of security threats and management-level preparedness. [...]