Is US Cyber Security Actually Improving?

The US Government has announced new measures to boost cyber security within federal agencies following increased cyber attacks on private and public US infrastructure. It is one of the Biden administration’s biggest efforts yet to secure the computer networks on which the government relies to conduct business.

The aim is to make federal agencies tighten their cyber security controls after a number of hacks have taken place against government and private infrastructure in the last two years. 

The White House said in a statement that the "growing threat of sophisticated cyber attacks has underscored that the Federal Government can no longer depend on conventional perimeter-based defenses to protect critical systems and data." Under the strategy, federal employees will need to sign on to agency networks using multiple layers of security and agencies will have to do a better job of protecting their internal network traffic from hackers. The strategy gives agencies until the end of the 2024 fiscal year to meet these benchmarks and others.

This change was prompted in part by the 2020 spying campaign, allegedly by Russian hackers, that infiltrated several US agencies and went undetected for months. The hackers tampered with software made by federal contractor SolarWinds and others to get into the unclassified networks of the Departments of Justice and Homeland Security, among other government networks.

The strategy, which will be released by the Office of Management and Budget, stems from a cyber security executive order that President Biden signed last May after breaches of federal networks and a ransomware attack on a major US pipeline operator.

The strategy seeks to apply a cyber security concept known as "zero trust," which is popular at big corporations, to the federal government. "Zero trust" dictates that no computer user or system inside or outside an organisation is inherently trusted. 

Continuous security checks are needed to ensure that hackers aren't impersonating someone, and systems should be isolated when possible to keep malicious code from spreading.  

One aspect of the strategy is a requirement that agencies have a "complete inventory" of every electronic device on their networks. "This strategy is a major step in our efforts to build a defensible and coherent approach to our federal cyber defenses," National Cyber Director Chris Inglis said in a statement.

The new strategy requires federal officials to use several layers of security when they sign on to agency networks, and it requires agencies to boost internal network protection through various methods, such as inviting independent experts to assess levels of security.

Sources: The White House, NBC, CNN, The Hill, Eminetra

