The White House announced these and other initiatives in an Oct. 11 fact sheet.
The document addressed many of the goals President Joe Biden outlined in his May 2021 executive order on national cybersecurity. It overviewed the U.S.’s progress on efforts like boosting federal best practices, growing the cyber workforce and advancing research into quantum-resistant encryption.
IOT SECURITY LABELS
President Biden’s May 2021 Executive Order on “Improving the Nation’s Cybersecurity” called for giving the public more control over their risk exposure, by marking consumer IoT products with labels indicating how cyber secure the offerings are.
The White House now plans this month to bring together private companies, associations and government entities to discuss how to develop such a marking. The ultimate goal is for “a common label for products that meet U.S. Government standards and are tested by vetted and approved entities,” yesterday’s fact sheet said.
TACKLING RANSOMWARE INTERNATIONALLY
Along with Biden’s executive order, May 2021 also brought an influential ransomware report. The Institute for Security and Technology (IST)-coordinated Ransomware Task Force published a report detailing the global nature of the ransomware ecosystem and recommending steps to combat the threat.
Roughly a year and a half later, the White House fact sheet tracks progress. Among the highlights: The International Counter-Ransomware Initiative (CRI), which the federal government launched in 2021 to boost international collaboration and which convenes again Oct. 31-Nov. 1.
Federal actors also sought to make cyber extortion less profitable and more painful by disrupting the flow of ransom and taking stronger responses. It sanctioned several cryptocurrency mixers commonly used by ransomware actors, extradited and jailed some individual perpetrators, and sanctioned cyber actors believed involved in the SolarWinds attack, the fact sheet notes.
The U.S. has been turning to international partners to address other cyber issues as well. That’s included efforts to establish and enforce cyber norms, something the White House says it supported by criticizing and “impos[ing] costs” on Iran when the government crossed the line by launching cyber attacks against Albania’s government. The White House also pointed to “a new virtual rapid response mechanism at NATO to ensure Allies can effectively and efficiently offer each other support in response to cyber incidents.”
GOVERNMENT SECURITY, CRITICAL INFRASTRUCTURE
The federal government has also looked to secure its own house, requiring multifactor authentication on all its systems — something promised under the May executive order — and creating a strategy for adopting zero trust.
Newer requirements also limited federal agencies to only procuring software that has security features. That move is intended to protect government as well as prompt vendors to raise all their products to that level, regardless of customer base.
Funding like the State and Local Cybersecurity Grant Program, meanwhile, are expected to help other levels of government strengthen their cybersecurity postures.
The White House also touted efforts to reach beyond the public sector. That includes promoting basic cyber hygiene and threat understanding among the private entities that own and operate much of the nation’s critical infrastructure. Thus far, that’s seen outreach to the banking, health care, transportation and water sectors.
BUILDING THE FUTURE: WORKFORCE & RESEARCH
Cyber talent shortages remain a pressing issue, and high among state CISOs’ concerns, according to a NASCIO report out this week. The White House said it is striving to build the workforce, with aims to create more pathways into cyber jobs and bring more diversity to the field. A 120-day Cybersecurity Apprenticeship Sprint launched in July 2022 aims to support such efforts.
The federal government also “more than doubled” investments into quantum research and development, in efforts to stay competitive in the space and get ahead of threats. That includes efforts to develop and deploy forms of cryptography designed to resist cracking by any forthcoming quantum computers.
