Cloud security, critical infrastructure security, government agencies
First-ever U.S. National Cybersecurity Posture Report focuses on AI, cloud migration
Chris Liotta (@Chris Liotta) • May 7, 2024
Despite an ever-changing threat landscape and emerging technologies that have the potential to reshape the world's digital ecosystem, the United States' cyber posture has steadily and significantly improved over the past year, according to the country's first federal Cybersecurity Posture Report.
The Office of the National Cyber Director (ONCD) said in a report Tuesday assessing various cybersecurity threats that the United States is “in the midst of a fundamental transformation” of national cybersecurity. The agency also released a companion update to the 2023 National Cyber Strategy Implementation Plan, adding 31 new initiatives to the strategy and directing six federal agencies to lead cyber efforts for the first time.
Despite the White House advancing a “positive vision for a secure, prosperous, and fair digital future,” National Cyber Director Harry Coker wrote in a letter accompanying the report that “the threats we face remain formidable, our defenses are not impregnable, and our efforts continue evolving to meet changing circumstances.”
ONCD describes artificial intelligence as “one of the most powerful and publicly accessible technologies of our time,” and says that advances in large language models and other fundamental algorithms during 2023 have created opportunities and challenges for managing large-scale cyber risks. The report warned that cybercriminals with limited resources and technical expertise could use AI to carry out malicious cyber operations, while AI-enabled surveillance and censorship could help authoritarian regimes “target journalists, dissidents and human rights defenders more effectively and efficiently.”
The implementation plan prioritizes the protection of critical infrastructure and essential services, calling for healthcare and public health sector-specific cybersecurity performance goals and the establishment of an educational facilities subsector government coordination council. The plan also calls for the adoption of cybersecurity best practices across the water and wastewater systems sector.
ONCD highlights the increasing dependence on third-party cloud service providers among critical infrastructure owners and operators. It said that cloud migrations and hybrid deployments require complex centralized logging and authentication, and that systems are often put in place that could allow threat actors to hack into identity management systems.
“China's breach of U.S. government communications in 2023 demonstrates the need to maintain comprehensive logging,” the report states. “As organizations move increasing amounts of data and processes to the cloud, this migration introduces new cross-sector dependencies and complicates the identification and management of systemic risks.”
Mark Montgomery, senior director at the Foundation for Defense of Democracies, focused on cyber and technology innovation, said the report shows that “the ongoing transition of governments, businesses, and utilities to cloud service providers is a positive step, but also requires careful attention to security,” reiterating the need for caution.
“The Inaugural Readiness Report does a good job of highlighting the threats to the United States, making it clear that nation-state manipulation of critical infrastructure and criminal ransomware attacks are the two most pressing threats,” Montgomery said.
The implementation plan focuses on strengthening cooperation across government and between the public and private sectors to disrupt and dismantle international threat actors. The strategy also emphasizes the importance of the US Cyber Trust Mark, a cybersecurity labeling program for smart devices. The program “helps consumers make more informed purchasing decisions, differentiates trusted products on the market, and creates incentives for manufacturers to meet higher cybersecurity standards.”