Is US Cyber Security Actually Improving?

Uploaded on 2022-02-04 in TECHNOLOGY--Resilience, GOVERNMENT-National, FREE TO VIEW

The US Government has announced new measures to boost cyber security within federal agencies following increased cyber attacks on private and public US infrastructure. It is one of the Biden administration’s biggest efforts yet to secure the computer networks on which the government relies to conduct business.

The aim is to make federal agencies tighten their cyber security controls after a number of hacks have taken place against government and private infrastructure in the last two years. 

The White House said in a statement that the "growing threat of sophisticated cyber attacks has underscored that the Federal Government can no longer depend on conventional perimeter-based defenses to protect critical systems and data." Under the strategy, federal employees will need to sign on to agency networks using multiple layers of security and agencies will have to do a better job of protecting their internal network traffic from hackers. The strategy gives agencies until the end of the 2024 fiscal year to meet these benchmarks and others.

This change was partially created by the 2020 spying campaign, alleged y by Russian hackers, that infiltrated several US agencies, which went undetected for  months. The hackers tampered with software made by federal contractor SolarWinds and others, to get into the unclassified networks of the Departments of Justice, Homeland Security and other government networks.

This strategy which will be released by the Office of Management and Budget, came from a cyber security executive order that President Biden signed last May after there were breaches in federal networks and a ransomware attack on a major US pipeline operator.

The strategy seeks to apply a cyber security concept known as "zero trust," which is popular at big corporations, to the federal government. "Zero trust" dictates that no computer user or system inside or outside an organisation is inherently trusted. 

Continuous security checks are needed to ensure that hackers aren't impersonating someone, and systems should be isolated when possible to keep malicious code from spreading.  

One aspect of the strategy is a requirement that agencies have a "complete inventory" of every electronic device on their networks. "This strategy is a major step in our efforts to build a defensible and coherent approach to our federal cyber defenses," National Cyber Director Chris Inglis said in a statement.

The new strategy requires federal officials to use several layers of security when they sign on to agency networks, and it requires agencies to boost internal network protection through various methods, such as inviting independent experts to assess levels of security.

The White House:       NBC:      CNN:      The Hill:       Eminetra:     

You Might Also Read: 

The End Of The American Cyber Empire:

 

« Cyber Criminals Frustrated By Russian Crypto Currency Rules
News Corp. Journalists Hacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

CRU Data Security Group (CDSG)

CRU Data Security Group (CDSG)

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

SysTools

SysTools

SysTools provides a range of services including data recovery, digital forensics, and cloud backup solutions.

GovCERT Austria

GovCERT Austria

GovCERT Austria is the Austrian Government Computer Emergency Response Team. Its constituency consists of Austria's public administration.

SK IT Cyber Security

SK IT Cyber Security

SK IT provide services and solutions for cybersecurity and advanced information system engineering.

Cryptshare

Cryptshare

Cryptshare is a communication solution that enables you to share e-mails and files of any size securely.

Neovera

Neovera

Neovera is a trusted provider of managed services including cyber security and enterprise cloud solutions, committed to delivering results through the innovative use of scalable enterprise-grade tech.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

SecureNation

SecureNation

SecureNation offers a wide variety of cutting-edge technologies and IT services to address almost any of your information security, network security and information assurance needs.

Hong Kong Broadband Network (HKBN)

Hong Kong Broadband Network (HKBN)

HKBN are a leading integrated telecom and technology solutions provider that offers a comprehensive range of premier ICT services to both the enterprise and residential markets.

Securd

Securd

Securd takes opportunities away from your cyber adversaries. Cloud-delivered zero-trust DNS firewall and web filtering protection keep your business network and remote employees safe.

Swish Data Corp.

Swish Data Corp.

Swish delivers when the problems are complex, requirements are difficult, and the mission is absolutely critical.

Intel Ignite

Intel Ignite

Intel Ignite is an internationally renowned acceleration program for early-stage deep tech startups.

DESCERT

DESCERT

DESCERT offers you an extended IT, cyber security, risk advisory & compliance audit team which provides strategic guidance, engineering and audit services.

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.