Category Archives: Internet Security
VirnetX Partners with Samsung – StreetInsider.com
Securing Digital Display Products
ZEPHYR COVE, Nev., May 9, 2023 /PRNewswire/ -- VirnetX Holding Corporation (NYSE: VHC) today announced that it has signed an agreement with Samsung to resell Samsung's digital display products, including the Samsung Interactive Pro, to create secure conferencing and collaboration spaces for the hybrid workforce in offices, co-working spaces and classrooms using VirnetX One family of products including War Room and VirnetX Matrix.
Combining Samsung's digital display products with the VirnetX One family of products provides secure collaboration, file sharing, presentations, and applications regardless of location and can be easily deployed alongside existing networking infrastructures with no interruption.
"Our customers and future initiatives will greatly benefit from Samsung's digital display products secured by our technology, and we feel this relationship could provide a significant revenue stream to VirnetX," said Kendall Larsen, VirnetX CEO and President. "Samsung is a recognized global leader in digital display technology that we will secure to provide safe hybrid work and learning environments."
"Samsung's digital display products lead the market in innovation and performance," said Chris Mertens, Vice President of Samsung U.S. Sales. "We are excited to work with VirnetX and look forward to interfacing their security technology with our digital display products especially our multi-faceted Samsung Interactive Pro."
About VirnetX
VirnetX Holding Corporation is an Internet security software and technology company with industry-leading, patented technology for Zero Trust Network Access ("ZTNA") based secure network communications. VirnetX's software and technology solutions, including its Secure Domain Name Registry and Technology, VirnetX One, VirnetX War Room, VirnetX Matrix, and Gabriel Connection Technology, are designed to be device and location independent, and enable a secure real-time communication environment for all types of enterprise applications, services, and critical infrastructures. The Company's patent portfolio includes over 200 U.S. and foreign granted patents, validations, and pending applications. For more information, please visit www.virnetx.com
About Samsung Electronics America, Inc.
Samsung inspires the world and shapes the future with transformative ideas and technologies. The company is redefining the worlds of TVs, smartphones, wearable devices, tablets, digital appliances, network systems, and memory, system LSI, foundry, and LED solutions. For the latest news, please visit the Samsung Newsroom at news.samsung.com.
Special Note Regarding Forward-Looking Statements
This press release should be read in conjunction with our Annual Report on Form 10-K (the "Form 10-K"), filed with the Securities and Exchange Commission on March 31, 2023. Statements herein may constitute "forward-looking statements" within the meaning of Section 27A of the Securities Act of 1933, as amended (the "Securities Act"), and Section 21E of the Securities Exchange Act of 1934, as amended (the "Exchange Act").
These forward-looking statements are based upon our current expectations, estimates, assumptions, and beliefs concerning future events and conditions and may discuss, among other things, expectations regarding our ability to resell Samsung digital display products integrated with VirnetX security features, partner successfully with Samsung, the ability and benefit of using VirnetX products to secure Samsung products, generate significant revenue stream to VirnetX, and our ability to provide safe hybrid work and learning environments. Any statement that is not historical in nature is a forward-looking statement and may be identified by the use of words and phrases such as "anticipates," "believes," "estimates," "expects," "intends," "plans," "predicts," "projects," "will be," "will continue," "will likely result in," and similar expressions. Readers are cautioned not to place undue reliance on forward-looking statements. Forward-looking statements are necessarily subject to risks, uncertainties, and other factors, many of which are outside our control, and could cause actual results to differ materially from such statements and from our historical results and experience. These risks, uncertainties and other factors include, but are not limited to risks detailed in our filings with the Securities and Exchange Commission (the "SEC"), including the Form 10-K. Readers are cautioned that it is not possible to predict or identify all the risks, uncertainties and other factors that may affect future results and that the risks described herein should not be considered a complete list. Any forward-looking statement speaks only as of the date on which such statement is made.
EXCEPT AS REQUIRED BY LAW, WE UNDERTAKE NO OBLIGATION TO UPDATE OR REVISE ANY FORWARD-LOOKING STATEMENT AS A RESULT OF NEW INFORMATION, FUTURE EVENTS OR OTHERWISE.
Contact: Investor Relations, VirnetX Holding Corporation, 415.505.0456
View original content: https://www.prnewswire.com/news-releases/virnetx-partners-with-samsung-301819461.html
SOURCE VirnetX Holding Corporation
Cybersecurity Trends & Statistics; More Sophisticated And Persistent Threats So Far In 2023 – Forbes
The pace of technological innovation has led to a transformation in many areas of our lives. In 2023, although it is only Spring, the impact of emerging technologies including artificial intelligence/machine learning, 5G, IoT, and quantum are significantly impacting everything connected to the internet.
The introduction of these potentially disruptive technologies does have implications for cybersecurity and the challenges of keeping us safe. In particular, AI is the hot topic of focus, as generative artificial intelligence tools such as ChatGPT can be leveraged for code, and AI/machine learning can be used to amplify social engineering capabilities and help hackers identify target vulnerabilities. These evolving tech trends and statistics are already telling a story for 2023.
As data continues to be produced and stored in greater volumes, and as connectivity greatly expands globally on the internet, the attack surface has become more exploitable with gaps and vulnerabilities for criminal and nation state hackers. And they are taking advantage.
In fact, global cyber-attacks rose by 7% already in Q1 2023. Weekly cyber-attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1248 attacks per week. The figures come from Check Point's latest research report, which also suggests that the education and research sector experienced the highest number of attacks, rising to an average of 2507 per organization per week (a 15% increase compared to Q1 2022). The Check Point report also shows that 1 in 31 organizations worldwide experienced a ransomware attack weekly over the first quarter of 2023. Global Cyber Attacks Rise by 7% in Q1 2023 - Infosecurity Magazine (infosecurity-magazine.com)
In addition, key malware statistics for 2023 are adding to cybersecurity difficulties. It is estimated that 560,000 new pieces of malware are detected every day and that there are now more than 1 billion malware programs circulating. This translates to four companies falling victim to ransomware attacks every minute. A Not-So-Common Cold: Malware Statistics in 2023 (dataprot.net)
To top it off with more alarming statistics, so far almost 340 million people have been affected by publicly-reported data breaches or leaks in 2023 according to a public data breach tracker created by the U.K. news site The Independent. Cyber Security Today, April 28, 2023 Data on over 340 million people exposed so far this year | IT World Canada News
Global 5G connections increased 76% in 2022 to 1.05B; 5G penetration hit 32% in North America. Global 5G connections are set to reach 1.9B in 2023. For cybersecurity that means less latency and faster attacks by threat actors. Global 5G Connections Set to Hit 1.9B in 2023 | TV Tech (tvtechnology.com)
Both cyber-attacks and vulnerabilities are expanding. A new report, the State of Cyber Assets Report (SCAR) released by the cyber asset management company JupiterOne, analyzed over 291 million assets, findings, and policies to determine the current state of enterprise cloud assets. The report found that the number of assets organizations manage on average has increased by 133% year-over-year, from 165,000 in 2022 to 393,419 in 2023. The number of security vulnerabilities has grown disproportionately, jumping up 589%. According to the report, data is the most vulnerable type of asset, accounting for nearly 60% of all security findings.
The report also highlighted the challenges that security teams are facing, showing that, on average, a security team is responsible for 393,419 assets and attributes, 830,639 potential security risks, and 55,473 policies. This has led to security fatigue and staffing shortages in many organizations. Report: Cyber vulnerabilities skyrocket 589%, underscoring importance of cybersecurity | WRAL TechWire
While many industry sectors have been the target of cyber-attacks, including financial, education, and retail, the healthcare industry still is in the cross hairs of criminal hackers. This makes sense as many health institutions still lack the proper investment and expertise in cybersecurity because their funding goes to medical equipment and operations. Criminal hackers tend to go for the low hanging fruit. In the case of healthcare, the liability risks make ransomware a logical means of extortion.
According to the IBM 2022 Cost of a Data Breach report, the healthcare industry is still the costliest industry for a breach at $10.1 million on average for the twelfth year in a row. Fortified Health found that 78% of data breaches in 2022 were from hacking and IT incidents, an increase from 45% in 2018. Unauthorized access, the second leading cause, accounted for 38% of incidents in 2018 and now is only responsible for 16%. Other causes noted were theft, loss and improper data disposal.
Attackers often set their sights on healthcare organizations because breaches and incidents have a high impact. Because healthcare is an essential service, organizations are more likely to pay ransoms to provide continuous care when business disruptions can have devastating consequences. Additionally, healthcare organizations possess high-value data, such as personal and financial information. Attackers can often resell records for high prices on the dark web. Hacking Caused 80% of Healthcare Data Breaches in 2022 (securityintelligence.com)
Phishing is still one of the preferred methods used by criminal hackers. Why? Because it is easy to do and successful, especially now that many of the attacks are being automated.
New research shows that up to a half of all HTML email attachments are malicious. This rate of malicious HTML prevalence is double compared to what it was last year and doesn't appear to be the result of mass attack campaigns that send the same attachment to a large number of people.
Barracuda used its telemetry to perform an analysis in May 2022 and found that 21% of the HTML attachments its products scanned that month were malicious. This was by far the highest malicious-to-clean ratio of any file type sent via email, but it progressively got worse since then, reaching 45.7% in March this year. So, for anyone who receives an HTML attachment via email right now there's a one in two chance it's malicious. Attacks increasingly use malicious HTML email attachments | CSO Online
Emerging technologies combined with the ability to be paid in cryptocurrencies that are hard to trace have accelerated ransomware attacks in recent years. The trend continues: ransom demands, recovery times, payments and breach lawsuits are all on the rise.
"In 2022, we saw increases in average ransom demands, average ransom payments, and average recovery times in most industries," the report authors wrote. The lull in ransomware that marked the start of the year is over. Ransomware groups have resumed attacks, and organizations must redouble their efforts to defend themselves against increasing attacks.
Baker Hostetler's Digital Assets and Data Management examined over 1,160 incidents from 2022. While many organizations have bolstered security and resilience, the data shows that threat actors continue to adapt and find footholds onto the network through evasive malware, social engineering, multi-factor authentication bombing, and credential stuffing.
The average time to recover from ransomware rose in nearly every sector, and in most cases, significantly. In 2021, the average recovery time for all sectors was just over a week. Last year, the retail, restaurant, and hospitality sectors saw an increase in the average recovery time from 7.8 days in 2021 to 14.9 days in 2022, or a 91% increase.
Healthcare saw a 69% rise in the length of recovery, followed by a 54% uptick for the energy and technology sectors, and 46% in the government industry segments. These increases mirrored a spike in ransom demands in 6 out of 8 industries, with an average payment of $600,688. Ransom demands, recovery times, payments and breach lawsuits all on the rise | SC Media (scmagazine.com)
For a detailed examination of the ransomware threat, please see my FORBES article Ransomware on A Rampage:
One of the biggest vulnerabilities for cyber-attacks has been on the supply chain. This was highlighted by the Colonial Pipeline and SolarWinds breaches and many others. It is a formidable task to protect any business or organization from the vast array of cyber-attacks, but when they are part of a supply chain with other parties or vendors, it becomes an even larger challenge. The reality is that 9 out of 10 companies have recently detected software supply chain security risks.
ReversingLabs' Software Supply Chain Risk Survey found that nearly 90% of technology professionals detected significant risks in their software supply chain in the last year. More than 70% said that current application security solutions aren't providing necessary protections. More than 300 global executives, technology and security professionals at all seniority levels directly responsible for software at enterprise companies, were surveyed for the study.
Nearly all respondents (98%) recognized that software supply chain issues pose a significant business risk, citing concerns beyond code with vulnerabilities, secrets exposures, tampering and certificate misconfigurations. Interestingly, more than half of technology professionals (55%) cited secrets leaked through source code as a serious business risk followed by malicious code (52%) and suspicious code (46%). 9 out of 10 companies detected software supply chain security risks | Security Magazine
And data released from Black Kite's 2023 Ransomware Landscape Report finds the number of ransomware victims announced in March 2023 was nearly double that of April 2022 and 1.6 times higher than the peak month in 2022. Other key findings from April 1, 2022, through March 31, 2023, include:
Black Kite Research: Ransomware Attacks Resurge with Victims Doubling in 2023 (yahoo.com)
Because company reputations and stock prices can be impacted by a breach disclosure, there is often a reluctance to report an incursion to the public. New laws that require disclosure, especially in the banking and financial community, are on the books and should help to quell this trend, but apparently it has not taken root yet.
New research released by cybersecurity vendor Bitdefender today surveyed over 400 IT and security professionals who work in companies with 1,000 or more employees. Bitdefender found that 42% of IT and security professionals surveyed had been told to keep breaches confidential, i.e., to cover them up, when they should have been reported.
Perhaps even more shockingly, 29.9% of respondents admitted to actually keeping a breach confidential instead of reporting it. This research highlights that an alarming number of organizations are willing to ignore their obligations to report data breaches to regulators and customers, in an attempt to avoid legal and financial penalties. A third of organizations admit to covering up data breaches | VentureBeat
While the threats are more sophisticated and capable, there are some basic cyber-hygiene measures that any company or individual can do to make themselves less of a target. They include:
Multi-factor authentication (MFA): MFA helps limit the possibility of unauthorized access. Enforcing always-on MFA through additional physical controls or temporary secondary codes makes life for a cybercriminal more difficult.
Identity and access management: Identity and access management (IAM) ensures that only the right people and job roles in your organization can access the tools they need to do their jobs. Through single sign on applications, your organization can manage employee apps without having them log into each app as an administrator.
Strong password management: There are practical remedies to get beyond the bad habit of using passwords that are easy to crack. Do not use default passwords on your devices, and when you do create passwords make them complicated. Consider making them long or using phrases with letters, numbers, and characters.
Protective Tools: for better protection also consider using firewalls, and adding antivirus & intrusion detection software to your devices.
Update and Backup: be sure to update and patch your network in a timely manner and maintain a robust backup program that segments and encrypts sensitive data.
Finally, have an Incident Response Plan. Anyone in the growing and sophisticated cyber universe can become a victim, and attackers always have an asymmetrical advantage.
This is just a small snapshot of some of the trends and statistics that are emerging on the cyber ecosystem in 2023. It is more important than ever to be vigilant and cyber-aware as there is much to be worried about on the cyber-threat horizon.
About The Author:
Chuck Brooks
Chuck Brooks is a globally recognized thought leader and subject matter expert in Cybersecurity and Emerging Technologies. Chuck is also an Adjunct Faculty at Georgetown University's Graduate Cybersecurity Risk Management Program, where he teaches courses on risk management, homeland security technologies, and cybersecurity. LinkedIn named Chuck as one of The Top 5 Tech People to Follow on LinkedIn. He was named Cybersecurity Person of the Year for 2022 by The Cyber Express, as one of the world's 10 Best Cyber Security and Technology Experts by Best Rated, as a Top 50 Global Influencer in Risk, Compliance, by Thomson Reuters, Best of The World in Security by CISO Platform, and by IFSEC and Thinkers 360 as the #2 Global Cybersecurity Influencer. He was featured in the 2020, 2021, and 2022 Onalytica "Who's Who in Cybersecurity." He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic. He is a GovCon Expert for Executive Mosaic/GovCon Wire. He is also a Cybersecurity Expert for The Network at the Washington Post, Visiting Editor at Homeland Security Today, and a Contributor to Skytop Media and to FORBES. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.
Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert in Cybersecurity and Emerging Technologies. Chuck is also Adjunct Faculty at Georgetown University's Graduate Applied Intelligence Program and the Graduate Cybersecurity Programs, where he teaches courses on risk management, homeland security, and cybersecurity.
LinkedIn named Chuck as one of The Top 5 Tech People to Follow on LinkedIn. He was named as one of the world's 10 Best Cyber Security and Technology Experts by Best Rated, as a Top 50 Global Influencer in Risk, Compliance, by Thomson Reuters, Best of The World in Security by CISO Platform, and by IFSEC and Thinkers 360 as the #2 Global Cybersecurity Influencer. He was featured in the 2020, 2021, and 2022 Onalytica "Who's Who in Cybersecurity" as one of the top Influencers for cybersecurity.
Chuck has served at executive levels in both government and industry. He is a two-time Presidential Appointee and was among the initial group of people hired to help set up the Department of Homeland Security, including the Science & Technology Directorate.
Chuck has written over 300 articles and has keynoted dozens of conferences worldwide. He has over 82,000 followers on LinkedIn and almost 18,000 followers on Twitter.
Chuck has an MA in International relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.
Follow Chuck on social media:
LinkedIn: https://www.linkedin.com/in/chuckbrooks/
Twitter: @ChuckDBrooks
City of Dallas Continues Battling Ransomware Attack for Third Day – NBC 5 Dallas-Fort Worth
Some services and websites were still crippled Friday in the third day of a ransomware attack on the Dallas City Government.
No one has publicly revealed the ransom that's being demanded to end the attack or whether any ransom has been paid. Experts said the demand could be very expensive.
Computer dispatch was still down in the Dallas 911 call center. Police and firefighters were sent to calls by radio using paper and pencil for addresses.
Code enforcement and other non-emergency response to 311 calls were delayed.
City water bill payments were impacted. Disconnections were canceled.
The city website offered some information about meetings but little more.
"According to this government alert a few months ago, this group asked their victims for between one and ten million dollars in bitcoin," said Kevin Collier, an NBC News reporter on cyber security issues.
Southern Methodist University cyber security expert Mitch Thornton agreed the ransom demand could be that large.
"It certainly is within the range of what I've heard from these ransoms," Thornton said.
City officials have said the attack is from a group called Royal. In a statement late Friday, the city said city information technology employees and vendors have worked to contain the virus and restore service. The statement said progress has been made but recovery is ongoing.
Outside experts said the Royal ransomware has been evolving as defense efforts worked to stop it.
Training warns employees not to click on suspicious emails that could unleash ransomware.
Thornton said corrupt online ads can now be a culprit in a scheme called malvertising.
"There's increasingly better screening in our email readers so these threat actors can get around that by placing these ads on web pages when you are browsing around," he said. "I'm not saying that's what happened here but there have been cases of the Royal ransomware being distributed through these malvertisements."
"Ransomware is becoming really big amongst hackers because it works; because people really do pay the ransoms," said Paul Bischoff with the cyber security website Comparitech.com.
His site published a list of $70 billion worth of U.S. government ransomware payments reported between 2018 and 2022.
"Our estimates are probably a lot lower than what is really happening because people are not reporting it to the FBI," Bischoff said.
The extortion threat could be public release of seized confidential information or stopping service delivery, which has occurred in Dallas.
"Ransomware actors are using multiple extortion types," Thornton said.
According to NBC 5's media partner The Dallas Morning News, the Dallas Central Appraisal District paid over $170,000 to end a Royal ransomware attack that lasted for months, crippling the organization's public access website.
"Cyber criminals are likely based in Russia. If they were based in the United States we could put handcuffs on them quickly, but they're not. We have no access to them so it's much more difficult to shut them down," Collier said. "It's largely Russian organized crime extorting Americans essentially daily and there's not a ton of recourse."
The Dallas City Council Public Safety Committee is due to receive a report on the attack Monday but since it is an ongoing investigation that may include ransom negotiations, much of it will likely occur in a closed-door executive session.
The agenda for that meeting was available online Friday.
Here is additional information the City of Dallas released about the attack Friday:
911 and 311 calls are being answered and Dallas Police Department and Dallas Fire-Rescue are being timely dispatched by radio.
For residents with non-emergency needs, 311 is still taking service requests by phone but the OurDallas app and online portal are temporarily unavailable. Another option is service in person at City facilities during regular business hours.
Sanitation collection remains on schedule and disposal sites are operational during regular business hours. If service is missed, please call 311.
Dallas Water Utilities service is unaffected, and disconnections are discontinued until the outage is resolved. Statements may be paid by mail; however, for those who prefer to pay in-person or online, late fees will not be charged for payments that cannot be processed until service is restored. DWU autopay will draft when service is restored. If you have questions or need assistance, please call (214) 651-1441 or walk into the water lobby at City Hall Monday through Friday between 8 a.m. to 5 p.m.
Office of Community Care clinics for Women, Infants and Children (WIC) are open and providing benefits. Vital Statistics is issuing records, but to ensure any records sought are available before you arrive, please call 214-670-3092.
Dallas Public Library branches are open, operational, and can check out media to residents with a library card; however, residents with media due to be returned are asked to hang on to it a little longer. There will be no late fees charged for materials due during the service outage. Digital media is also available via Hoopla and Overdrive. Internet-connected computers may be limited, so users in need of online device access should call ahead to their respective branch.
Dallas Animal Services continues handling adoptions, fosters, rescues, and returns to owners in-person on a case-by-case basis at 1818 N. Westmoreland Road, 75212.
Code Compliance is issuing garage sale permits only in-person at their headquarters at 3112 Canton Street, 75226.
While pages on the City's website are being restored, Special Events permit requests may be submitted through the following direct links:
Development Services can review paper plans for walk-ins at 320 E. Jefferson Blvd., 75203 during regular business hours. However, while Permitting, Public Works, and Zoning application and payment systems are offline, submissions cannot be received or approved. This is a dynamic situation, and patience is appreciated while we focus on expediting full-service restoration.
Municipal Court remains closed Monday, May 8. There will be no court hearings and no trials. Cases scheduled during this outage will be reset, and updates will be mailed. Citation payments and documents due while Municipal Court is closed will be accepted after service is restored.
Please note, no one from the City of Dallas will reach out to members of the public to ask for payment in person or by phone. Never give out your password or payment information by phone or through an email link.
To protect against cyber threats please install the Dallas Secure app on your iOS or Android device. If you are contacted by someone seeking payment who claims to be from a City of Dallas department, please take note of the number they are calling from and the number they reached you on, then hang up and call the City of Dallas department they claim to be from to report this potential impersonation.
CIA staged Arab Spring, others around globe Chinese Cyber-security Centre – Businessday
A Chinese report has alleged that the U.S. Central Intelligence Agency (CIA) masterminded a great number of hacker attacks and color revolutions in the post-Soviet space and other regions of the globe.
China's National Computer Virus Emergency Response Centre and Chinese internet Security Company 360 made the report on Thursday.
The report said for many years, the CIA has been secretly organising peaceful change and color revolutions, as well as carrying out espionage activities and stealing information.
The authors of the report believe that all revolutions recognised as color revolutions by international experts and organisations, as well as many other events were orchestrated by the U.S. special services.
The revolutions include: Velvet Revolution in Czechoslovakia in 1989, Rose Revolution in Georgia in 2003, Orange Revolution in Ukraine from 2004-2005, Tulip Revolution in Kyrgyzstan in 2005, Arab Spring of 2010s, Ukrainian Euromaidan from 2013-2014, and Sunflower Movement in Taiwan in 2014.
Besides, the paper argues that U.S. secret agencies were trying to stage color revolutions in Belarus, Azerbaijan, Lebanon, Myanmar, Iran and other states.
"According to statistics, over the past few decades, the CIA has overthrown or attempted to overthrow legitimate governments in more than 50 countries, causing unrest," the report read.
Additionally, the report said that the APT or APT-C-39 hacker organisation, which was exposed by the 360 company in 2020, used for its cyberattacks tools similar to those featured in the Vault 7 papers published by WikiLeaks and listed there as CIA hacking tools.
According to the report, the main targets of the organisation are important information infrastructures of various countries, aerospace, research institutes, oil companies, Internet companies and government agencies.
Its activities can be traced back to 2011, and attacks continue to this day.
Companies need a wakeup call to fix chronic security shortcomings … – Cybersecurity Dive
SAN FRANCISCO - Digital risks confronting organizations remain the same year after year, and the threat and potential damage awaiting unsuspecting victims is abundantly clear. Yet, many organizations still struggle to address the fundamentals required to take cybersecurity seriously.
For the things that do go wrong, there's a good chance the initial point of intrusion or attack will sound like a broken record to longtime RSA Conference attendees. Phishing, unpatched vulnerabilities and generally lackadaisical processes come up time and again.
To shake the industry into action, a cataclysmic event may be required.
"Maybe we need another Snowden moment," Chester Wisniewski, field CTO of applied research at Sophos, told Cybersecurity Dive last week at the annual industry gathering.
When Edward Snowden, a former intelligence consultant and whistleblower, leaked highly classified information from the National Security Agency in 2013, it created a revelatory moment in technology.
"Suddenly we went, oh, geez we kind of have to encrypt the internet. And look, it took us 10 years but the whole internet's encrypted now," Wisniewski said.
Many cybersecurity experts, Wisniewski included, were lecturing the industry to fully encrypt the internet starting two decades ago. The repeated warnings finally reached a rallying point after Snowden's revelations hit.
Persistent prodding from the threat intelligence community is making an impact. More organizations have been roused into taking security more seriously.
"Here we are in 2023, find a website that's not encrypted. You can't find one, but it took a Snowden moment to get everybody to go and do it," Wisniewski said.
Repetition will spur action eventually
Fear is a powerful motivator, but repetition, such as threat intelligence from researchers and analysts about supply chain attacks, exploited vulnerabilities and ransomware, might be what's required to push more organizations into action.
"There's a lot of gamblers out there," said John Shier, field CTO of commercial at Sophos.
Repetition plays an important role for cybersecurity professionals, precisely because it can eventually hammer the preventable dangers home for business leaders that need to hear their message the most.
John Dwyer has watched best practices go unfollowed his entire 15-year career.
"Over extension of privileges, over extension of connectivity and over extension of access has been prevalent for a long time," Dwyer, the head of research at IBM Security X-Force, told Cybersecurity Dive.
"Since I started in my career, people have been saying take away local administrative rights, and it's still a common problem today," Dwyer said.
Despite the recurrence of long-ignored threats, Dwyer said he's seen a change during the last five years, marked by more organizations willing to invest in security and apply best practices.
"On the outside, it may seem like no one's actually taking any of this stuff to heart," Dwyer said. "People have been talking about the same thing forever, and you've had the same kind of vendors saying the same thing. What changed is that the threat landscape changed so that every organization on the planet is now actually targeted, more or less."
More organizations are assessing ways to reduce risk through security controls, better architecture and zero-trust models that limit privilege and access, but acquiring the investment needed to achieve those goals remains a hurdle for some companies, according to Dwyer.
Same old problems beats the alternative
Hearing about and sharing the same threats year after year might be tiring on some level for cybersecurity professionals, but for organizations under attack it's probably better than the alternative.
Companies can patch vulnerabilities in hardware or software before a threat actor exploits them, strictly monitor supply chains and limit the impact of phishing attacks.
"Phishing is still king, and how long have we been talking about phishing?" Dwyer said.
"Just because someone gets phished doesn't necessarily mean that your organization is going to burn to the ground. There's a whole bunch of stuff that happens in between that," Dwyer said. "I think we just need to move to assume you're going to get phished, assume that you're going to get exploited. You still have a lot of opportunities to prevent a crisis, even if that happens."
Much like the long slog the industry endured before encryption became standard and universally adopted, strengthened defense practices and infrastructure might percolate through businesses from the top down.
"Early on," Wisniewski said, "it was just the richest, biggest companies that understood the problem."
Continue reading here:
Companies need a wakeup call to fix chronic security shortcomings ... - Cybersecurity Dive
A Comprehensive Guide to K-12 Cybersecurity and Safety – Security Boulevard
Whether they take the form of a targeted attack or an accidental leak, cyber incidents are a major threat to the U.S. school system.
From public school districts to higher education and everywhere in between, malicious actors are chomping at the bit to get ahold of student data. Of course, hackers are just one part of the problem.
Education institutions are also struggling to keep personal information safe from internal cyber risk. Worse yet, transformative classroom technologies are making it harder than ever to uncover student safety signals and mitigate preventable incidents.
Luckily, it's not hard to pinpoint the solution: Schools need insight into what's lurking behind the scenes, no matter whether that's a potential cyber attack or inappropriate content. The only problem? As it turns out, visibility isn't so easy to obtain.
Let's explore everything you need to know about K-12 cybersecurity and safety, including what your school district can do to better protect students from cyber risk.
At first glance, you might assume K-12 cybersecurity and cyber safety are one and the same. Indeed, both are concerned with student well-being, but there's a notable difference.
Specifically, cybersecurity involves proactively safeguarding sensitive information from a potential threat. This can include both internal and external cyber risk factors such as a student inappropriately accessing data on a school-provided device or a threat actor attempting a data breach.
On the other hand, cyber safety is more associated with ensuring students and staff members are safe from physical or emotional harm stemming from cyber incidents; the goal being to prevent such incidents in the first place. (Looking for an example? More on this later.)
The common denominator is that both are crucial in today's increasingly digital school district.
According to a recent report, the K-12 school system experienced a 275% increase in ransomware, 157% rise in malware, and 146% leap in IoT attacks, all in 2022 alone.
In essence, that means malicious actors are targeting K-12 schools at an accelerated rate. Why? Because they're a goldmine of sensitive data. Whether you're a private or public school, chances are you're processing the following:
And, because your district has this information, it's safe to say your edtech vendors do, too. When you allow vendors to access your data, you're entrusting them to mitigate cybersecurity risk. But, if their abilities are lacking, a third-party data breach could expose your student data, at which point anything could happen. There's no telling how a threat actor might exploit your personal information.
Where safety is concerned, your school district must also be wary of how students and staff are using technology.
Despite their benefits, edtech tools, and cloud applications especially, aren't always operated with the best intentions. For instance, a student may use a school-provided cloud resource (such as a Google Doc) to cyberbully a classmate. Another cyber risk to consider is that users could be using apps to share inappropriate content, such as pornography or depictions of graphic violence.
Not only are these incidents harmful to youths, but they also violate the Children's Internet Protection Act (CIPA). CIPA requires you to implement internet security and safety policies for monitoring activity and blocking access to content deemed obscene, inappropriate, illegal, or harmful to minors.
Per the Federal Communications Commission, violating CIPA can result in your school district losing its E-Rate eligibility.
More than just school network or endpoint protection, education institutions are in dire need of cloud security.
Many districts rapidly adopted cloud services during the pandemic. According to CoSN's EdTech Leadership Survey, 97% are using some type of cloud-hosted learning management system. This corroborates our own research in collaboration with EdWeek, which found that over 90% of schools are using cloud domains like Google Workspace or Microsoft 365.
Unfortunately, as cloud technologies rose to the forefront of the school system, so did cybersecurity threat vectors of all shapes and sizes.
"With the available data we saw a three-fold increase in cyber incidents affecting the K-12 education sector last year," said Doug Levin, co-founder and director of the K12 Security Information Exchange. "That increase was due to the greater [uptick] of technology by schools and the exploitation of IT systems of third-party educational technology vendors that schools rely upon."
What's important to remember is that remote learning isn't going anywhere. In fact, CoSN's 2022 report indicates that about a quarter of schools offer hybrid learning options in the 2022-23 academic year.
Sadly, education institutions aren't putting much of their budget into securing student data. When they do, most of their resources are put toward school network security, not the cloud.
Consequently, they're vulnerable to countless cloud-based attack strategies and risks. Let's unpack some of the most common ones:
Inappropriate and harmful behavior among students has long been a lingering problem in the U.S. school system. Although strides have been made over the years, recent tech developments are further stoking the flames of toxicity.
Of course, schools were struggling with cyberbullying well before they ever adopted cloud technology. But, with more digital channels in students' hands than ever before, it's becoming increasingly difficult to monitor, investigate, and prevent.
It's no surprise that toxicity comes in many forms. What's more shocking is that there might be traces of them floating around your cloud domain.
K-12 cybersecurity isn't a walk in the park, but we're here to help. Here are a few of our cybersecurity recommendations, plus a few quick tips to help you shield your school district.
Its important for all users to understand their role and responsibility in keeping the district safe from cyber risk. Both students and staff should be trained on best practices. That way, everyone can do their part.
Here are a few tips you can use when safeguarding your district:
The biggest pain point IT administrators have is that they can't see the full scope of their cloud domain. A cloud monitoring tool can take you behind the scenes of what's really happening, unearthing previously hidden risks and enabling you to intervene.
DLP software is a cybersecurity tool that focuses on preventing critical information from being exposed. With DLP, you can implement custom policies or rules that users must follow when it comes to the cloud. If a student downloads an unsanctioned app, you'll be notified right away of exactly who's involved and what actions they took. If someone is discussing suicide or self-harm, you'll be similarly alerted and can implement the appropriate response protocol.
Sometimes, all you need is a buffer between your district and the cloud. That's what CASB has to offer.
When you have a solution with CASB capabilities, you can insert an additional security layer that users must pass through before accessing cloud services. Cloud access security brokers are designed to give you more visibility into who has access to data and how they use it. That way, they can identify suspicious user activity and stop malicious actors in their tracks.
All things considered, K-12 cybersecurity isn't simple. A lot of factors are at play, and you need every advantage you can get to protect your students.
Luckily, that's what ManagedMethods is for. With our automated cloud security platform, you get all these capabilities rolled into one easy-to-use dashboard.
The post A Comprehensive Guide to K-12 Cybersecurity and Safety appeared first on ManagedMethods.
*** This is a Security Bloggers Network syndicated blog from ManagedMethods authored by Alexa Sander. Read the original post at: https://managedmethods.com/blog/a-comprehensive-guide-to-k-12-cybersecurity-and-safety/
Read more:
A Comprehensive Guide to K-12 Cybersecurity and Safety - Security Boulevard
Phishing Protection in Anti-Virus Products and Browsers: New AV-Comparatives Results Revealed – EIN News
AV-Comparatives Announces Latest Anti-Phishing Test Results: McAfee, Trend Micro, Bitdefender and Avast with highest protection
Read the full report here: https://www.av-comparatives.org/wp-content/uploads/2023/05/gen_phishing_04-2023.pdf
AV-Comparatives conducted the test using up-to-date products that were tested in parallel and with active internet/cloud access on Windows 10. The antivirus products tested included Avast Free Antivirus, Avira Free Security, Bitdefender Internet Security, ESET Internet Security, Kaspersky Standard, Malwarebytes Premium, McAfee Total Protection, Microsoft Defender, and Norton 360 Deluxe. The browsers tested were Avast Secure Browser, Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera.
The test used 250 valid phishing URLs, and the number of clean URLs for false alarm detection was also 250. The results showed that McAfee Total Protection, Trend Micro Internet Security, Bitdefender Internet Security, and Avast Free Antivirus had the highest block rate at 95 to 97%. Microsoft Defender with Chrome Plugin had a block rate of 77%, while Malwarebytes Premium had a block rate of only 57%. In terms of false alarms, Avira Free Security had the most with 3, while McAfee Total Protection and Norton 360 Deluxe each had 2.
It is worth noting that anti-phishing protection is crucial for all operating systems and IoT devices. Cybercriminals can use phishing attacks to steal personal and financial information, install malware, and cause other types of damage. By using effective anti-phishing protection, users can reduce their risk of falling victim to these types of attacks.
AV-Comparatives will continue to conduct tests to evaluate the effectiveness of anti-phishing protection and other cybersecurity solutions. Users can use these test results to make informed decisions about which products to use to protect themselves from cyber threats.
About AV-Comparatives
AV-Comparatives is an independent testing lab that evaluates and rates anti-virus software, internet security suites, and other cybersecurity products based on their performance, protection, and usability. The organisation is ISO certified and recognised as a reliable and independent source of information by end users, consumers, and the cybersecurity industry as a whole.
For more information, visit https://www.av-comparatives.org
Disclaimer: Gen Digital supported the test. The selection of products was done independently by AV-Comparatives, and all vendors were treated equally. Neither Gen Digital nor any other tested vendor was pre-informed about the test date or given any further insights, in order to eliminate any potential advantage, influence or bias. AV-Comparatives is ISO-certified for the scope of "Independent Tests of Anti-Virus Software".
Contact: Peter Stelzhammer, AV-Comparatives, +43 512 287788, media@av-comparatives.org
First Person: The young leader bringing clean power to Tanzanian … – UN News
Mr. Kawago is the founder and Chief Technical Officer of WAGA, a company which produces solar lamps, power banks and mini-power walls, to help rural dwellers access off-grid clean and affordable energy for lighting and power solutions, and urban dwellers to cope with power cuts.
Currently, Mr. Kawago is working with Tanzanian radio station Wasafi FM, educating over 13 million people on solving digital problems and raising awareness of new technologies.
He spoke to UN News during the 2023 ECOSOC Youth Forum, which took place at the end of April.
Gibson Kawago, a member of UN Young Leaders class of 2022 from Tanzania standing in his workshop where he makes battery powered products from recycled lithium-ion batteries
Because there was no electricity in my village when I was growing up, those with mobile phones couldn't charge them when the battery ran out. So, I would bring five to 10 phones with me on a bicycle, and travel around thirty miles to the nearest town with power.
But sometimes it would take two days to recharge the phones, because there was a queue. This made it very hard for people to communicate with the outside world, but we had no choice.
This made me want to find solutions to this problem, of living in a community that was not connected to the electricity grid. That's why I set up Waga, but we work together with NGOs and the government to solve the problem together.
Gibson Kawago, Young Leader for the SDGs
I decided to get involved with Wasafi FM because radio is powerful. You can listen on the public transport, at home or on your mobile phone. And nowadays we can live stream online.
At the moment, I have a daily five-minute segment, where I share information about the latest trends in technology. I talk about things like internet security, explaining how young people can make their social media accounts more secure, because a lot of them don't know how to do this. I also teach them about phishing attacks, and how to protect themselves from hackers who will try to steal their accounts.
So, I educate them on how they can secure their accounts, but also I to get them on new technologies. There are so many technologies that me as gives them I have access to and have knowledge about. But those people living in rural places who listen to radios can't access the internet.
We often look to the bosses of big companies to change things, but we can also make a difference. At WAGA, we are also trying to help people to fight climate change in Tanzania with our e-mobility solutions. We make powerpacks, for example, that can turn regular motorbikes into electric bikes. But first we need to change people's mindsets. They need to understand why it's important to use electric bikes and, for that to happen, they need to be educated.
Young people have a lot of potential to change the world. And, as we have seen at the Youth Forum, although we come from many different backgrounds, we are united in our common aim, to achieve the Sustainable Development Goals.
The world makes a road for those who know where they are going. And we know where we are going.
Excerpt from:
First Person: The young leader bringing clean power to Tanzanian ... - UN News
Your Internet Browser and the Secrets They Keep – Arise News
Web browsers are an essential tool for accessing the internet and all the information and resources it has to offer. However, many users may not be aware of the secrets that browsers keep without their knowledge.
One of the biggest secrets that browsers keep is your browsing history. Every website you visit is recorded and stored in your browser's history, which can be accessed by anyone who has access to your device. This can be a concern for users who want to keep their browsing activity private.
Browsers also store cookies, which are small files that contain information about your browsing activity. Cookies can be used by websites to remember your preferences and login information, but they can also be used for tracking purposes, which can be a privacy concern.
Another secret that browsers keep is your search history. When you use a search engine, your search terms are recorded and stored in your browser's history. This can be a concern for users who want to keep their search activity private, as search terms can reveal a lot about a user's interests and personal information.
Browsers also store cache files, which are temporary files that are used to speed up website loading times. However, these files can also contain sensitive information, such as images and other media that you may have viewed.
In addition to these secrets, browsers may also have vulnerabilities that can be exploited by hackers and other malicious actors. This can put your personal and sensitive information at risk, including login credentials and other personal data.
To protect your privacy and security while using a browser, there are several steps you can take. You can regularly clear your browsing history and cache files, use a virtual private network (VPN) to encrypt your internet traffic, and use privacy-focused browser extensions and settings.
When it comes to browsing the internet, security and privacy are two of the most important considerations for users. Here's a comparison of the security and privacy features of some of the top browsers:
In conclusion, browsers keep many secrets without your knowledge, including your browsing history, cookies, search history, and cache files. These secrets can put your privacy and security at risk, so it's important to take steps to protect yourself while using a browser.
Each of these top browsers offers unique security and privacy features, and the best choice for you will depend on your individual needs and preferences. It's important to regularly update your browser and take steps to protect your privacy and security while browsing the internet.
George Ogunleye
See the original post here:
Your Internet Browser and the Secrets They Keep - Arise News
The 2023 National Cybersecurity Strategy: How Does America Think … – Middle East Institute
Background
On March 2, 2023, the Biden administration released the new National Cybersecurity Strategy, replacing the 2018 Trump administration Cybersecurity Strategy. The new strategy builds on the previous one, continuing the momentum on many of its priorities while seeking to carry forward and evolve many of the strategic efforts originally initiated by the 2008 Comprehensive National Cybersecurity Initiative.
Dividing the strategy into five pillars, the Biden administration focuses on defending critical infrastructure, disrupting and dismantling threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships to pursue shared goals.
The new strategy underlines two fundamental shifts: rebalancing the responsibility to defend cyberspace and realigning incentives to favor long-term investments. It takes a fresh look at the balance between the government and the private sector in terms of roles and responsibilities toward mitigating cyber risks. It recognizes the present realities where the end users bear a disproportionate burden for reducing such risks and, in an ambitious outlook change, seeks a legislative mechanism to enforce liability on providers when they fail to meet basic security standards. While underlining the government's role to protect its own systems and engage in diplomacy, law enforcement, and the collection of intelligence, the strategy places an emphasis on the need for private entities to protect their systems.
The Biden administration's strategy highlights the need to make substantial public sector investments in the sector to assure that the U.S. continues to stay ahead of the curve in modern technology and innovation, maintaining its global leadership role. For this, the Biden administration deems it necessary to incentivize decision-making while balancing short-term imperatives against a long-term vision.
An Overview of the Priorities in Five Pillars
1. Defend Critical Infrastructure
2. Disrupt and Dismantle Threat Actors
3. Shape Market Forces to Drive Security and Resilience
4. Invest in a Resilient Future
5. Forge International Partnerships to Pursue Shared Goals
Decoding the Strategy: What Does it All Mean?
Focus on Public-Private Cooperation
The strategy underlines that the industry and government must drive effective and equitable collaboration to correct market failures, minimize the harm from cyber incidents to society's most vulnerable members, and defend the shared digital ecosystem. It appreciates the commitments made by private sector entities to engage in collaborative defense efforts like the "Shields Up" campaign, which preceded the beginning of the ongoing Russia-Ukraine war, to proactively increase preparedness and promote effective measures to combat malicious activity.
The strategy encourages private sector partners to come together and organize efforts through one or more non-profit organizations that can serve as hubs for operational collaboration with the federal government.
This collaborative approach is of great interest to countries worldwide struggling to evolve a robust mechanism for policy inputs. Those working to craft a national cybersecurity strategy can benefit from policy inputs from non-profits through a structural and institutionalized framework. As countries look to decide whether or not to adopt strict data localization policies, factors like the identification of gaps in authorities to drive better cybersecurity practices in the cloud computing industry and other third-party services will be of great value. This is where expanded collaboration can play an important role.
Focus on Investments
Assuring the continued U.S. leadership in technology and innovation, the new strategy reemphasizes that a resilient and flourishing digital future tomorrow begins with investments made today. Toward this goal, it states that the federal government must leverage strategic public investments in innovation, R&D, and education to drive outcomes that are economically sustainable and serve the national interest.
The Biden administration also seeks to support non-governmental standards developing organizations (SDOs) to partner with industry leaders, international allies, academic institutions, and professional societies to secure emerging technologies. In particular, it aims to secure three families of technologies: quantum computing and AI, biotechnology, and clean energy. This investment focus will likely resonate in countries engaged in developing their own technology and governance visions for the decade ahead.
Calling Out Adversaries
The new strategy puts the spotlight on the governments of Russia, China, Iran, North Korea, and other autocratic states with revisionist intentions that are aggressively using advanced cyber capabilities to pursue objectives that run counter to accepted international norms as well as against U.S. interests.
It calls out the People's Republic of China as the broadest, most active, and most persistent threat to government and private sector networks and the only country with both the intent to reshape the international order and, increasingly, the economic, diplomatic, military, and technological power to do so.
It highlights that Russia remains a persistent cyber threat, refining its cyber espionage, attack, influence, and disinformation capabilities to coerce sovereign countries; harboring transnational criminal actors; aiming to weaken U.S. alliances and partnerships; and subverting the rules-based international system. It further recognizes the growing sophistication and willingness of the governments of Iran and North Korea to carry out malicious activities in cyberspace. The new strategy highlights the immediate need to counter further advances in both countries' capabilities, underlining in particular Iran's use of its cyber capabilities to threaten U.S. allies in the Middle East, chief among them Israel and the Arab Gulf states, and both Iran and North Korea's exploitation of cyberspace and cryptocurrency platforms to generate revenues to help reduce fiscal deficits caused by severe Western sanctions.
In recent years, the U.S. has, along with allies like the U.K. and Australia, taken an active stance toward public and collective attribution of malicious activities in cyberspace. As it looks toward expanding partnerships, Washington can aim to bring closer countries like India that face similar threats, but do not yet have an attribution framework or a clearly defined policy.
Focus on Values and Foundations
The core theme of the new strategy is an ambition for the further values-driven development of the digital ecosystem. It stresses that the U.S. must seize the opportunity to instill its most cherished values, as embodied by the Declaration for the Future of the Internet (DFI) and the Freedom Online Coalition, in future cyberspace governance models.
Taking note of the inherently vulnerable nature of cyberspace, it emphasizes the need to make fundamental changes to the underlying dynamics of the digital ecosystem, shifting the advantage to its defenders and frustrating the forces that would threaten it.
Focus on Resilience
The strategy states that the Biden administration is committed to improving federal cybersecurity through long-term efforts to implement a zero-trust architecture strategy and modernize IT and OT infrastructure. In doing so, it hopes that the federal cybersecurity program can be a model for critical infrastructure across the U.S. for how to successfully build and operate secure and resilient systems.
Along with this, the Biden administration seeks to embark on a clean-up effort to reduce systemic risks and the most pressing security challenges, without disrupting the existing platforms and services. This includes the technical foundations of the digital ecosystem, which are inherently vulnerable.
Considering the long-standing pioneer position of the U.S. in terms of digital innovation and in shaping the contours of cyber policies, how the U.S. government aspires to re-envision, re-shape, and re-vitalize this ecosystem will be critical for all countries.
Focus on Offensive Approach for Deterrence
The strategy states that the U.S. will use all of its instruments of national power to disrupt and dismantle threat actors whose actions threaten its interests. These efforts may integrate diplomatic, information, military (both kinetic and cyber), financial, intelligence, and law enforcement capabilities.
It complements the Department of Defense's strategic approach, as laid out in the 2018 Cyber Strategy, of defending forward, stating that it has helped generate insights on threat actors, identify and expose malware, and disrupt malicious activity before it could affect its intended targets.
As active offense increasingly becomes the operational norm, countries worldwide might deem it necessary to refine and expand their capabilities. This could potentially lead to an accelerating arms race in the near future.
Focus on Threat Monitoring and Intelligence Sharing
The new strategy recognizes the need to increase the speed and scale of cyber threat intelligence sharing to proactively warn cyber defenders and notify victims when the government has information that an organization is being actively targeted or may already be compromised. It affirms that the federal government will work with cloud and other internet infrastructure providers to quickly identify malicious use of U.S.-based infrastructure, share reports of malicious use with the government, make it easier for victims to report abuse of these systems, and make it more difficult for malicious actors to gain access to these resources in the first place.
Focus on Ransomware
Acknowledging ransomware's impact on key critical infrastructure services, the new strategy states that the U.S. will employ all elements of national power to counter the threat by leveraging international cooperation to disrupt the ransomware ecosystem, investigating crimes to disrupt infrastructure and actors, bolstering critical infrastructure resilience to withstand attacks, and addressing the abuse of virtual currency to launder ransom payments.
It highlights that the White House has convened the Counter-Ransomware Initiative (CRI) with participation from more than 30 countries.
Focus on Legislative Reform and Regulations
Underscoring that regulation can level the playing field and enable healthy competition without sacrificing cybersecurity or operational resilience, the Biden administration deems it vital that the new and updated cybersecurity regulations be calibrated to meet the needs of national security and public safety, harmonized to reduce duplication, complementary to public-private collaboration, and cognizant of the cost of implementation.
The strategy states that regulations should be performance-based, leverage existing cybersecurity frameworks and international standards in a manner consistent with current policy and law, and when necessary, pursue cross-border regulatory harmonization to prevent cybersecurity requirements from impeding digital trade flows.
The administration supports legislative efforts to impose robust, clear limits on the ability to collect, use, transfer, and maintain personal data and aims to work with Congress and the private sector to develop legislation that establishes liability for software products and services.
With an increasing number of high-impact ransomware and other cyberattacks in recent years, cyber insurance has become a critical focus around the world. As private insurers continue to recalibrate their strategies to avoid overexposure to risk in cases of catastrophic mass-scale cyber events, there are growing calls for a greater federal role, including in the provision of insurance, in response to such events. The new strategy states that the federal government could be called upon to stabilize the economy and facilitate recovery and that the administration will assess possible federal insurance structures to support the cyber insurance market.
Focus on Capacity Building
The strategy highlights the hundreds and thousands of unfilled vacancies in cybersecurity positions nationwide and resolves to develop a national strategy to strengthen the U.S. cyber workforce. Recognizing that recruiting and training the next generation of cybersecurity professionals will require federal leadership, the document lays out plans to develop a National Cyber Workforce and Education Strategy to take a comprehensive and coordinated approach to expanding the national cyber workforce, improving its diversity, and increasing access to cyber educational and training pathways.
Establishing an effective cybersecurity workforce has been a thorn in the side of almost every country in the world. Standing as the lone cyber superpower, how the U.S. tackles this challenge will remain of great interest to all others.
Focus on International Partnerships
As the world watches the accelerating tech decoupling between the West and China, the focus on international partnerships is bound to take on increasing significance.
Aiming to rejuvenate U.S. cyber diplomacy on international platforms, the new strategy reinforces the applicability of existing international law and calls for upholding globally accepted voluntary norms of responsible state behavior during peacetime in cyberspace. It reaffirms the focus on securing global supply chains and commits to building on the National Strategy to Secure 5G in collaboration with partners around the globe. This underlines the U.S. commitment to international partnerships on cyber issues, emphasizing the importance of working with allies and partners to build a defensible, resilient, and values-aligned digital ecosystem. The strategy highlights that, through multilateral mechanisms like the Quad, AUKUS, Indo-Pacific Economic Framework for Prosperity, and the Americas Partnership for Prosperity, the U.S. and its international allies and partners are advancing shared goals for cyberspace.
Taking note of the supply chain disruptions during the pandemic, the new strategy aims to secure global supply chains for ICT and OT products and services. Considering the emerging tech war and decoupling between China on the one hand and the West and many of its partners on the other, the new strategy mentions that the U.S. is partnering with allies to develop trustworthy and reliable supply chains for 5G and other critical technologies.
Data-Driven Implementation
The new strategy states that the U.S. is laying the foundations for real-time global collaboration by leveraging vast amounts of data and computing power that will unlock scientific discoveries. The federal government will take a data-driven approach toward the implementation of the new strategy and will measure investments made, progress toward implementation, ultimate outcomes, and the effectiveness of these efforts.
Opportunities for Partners and Allies in the Middle East
The U.S. cybersecurity strategy provides a framework for Washington to collaborate with its Middle Eastern partners in sharing threat intelligence and other critical information with the aim of identifying and addressing potential cyber attacks before they occur. Additionally, the U.S. can help build up its Middle Eastern partners' cyber capabilities through training and technical assistance, including establishing cyber defense teams, improving network security, and sharing cybersecurity best practices. In an even more advanced level of cyber cooperation, regional partners and the United States could jointly conduct cyber exercises to enhance their capabilities and coordination in responding to cyber attacks from malicious actors. The U.S. could also work closely with regional partners to develop norms of behavior for cyberspace, promote regional cooperation on cybersecurity, and address the malicious use of cyber tools.
Conclusion
The National Cybersecurity Strategy 2023 should be recognized as the product of U.S. ambitions to continue to shape the future of global cyberspace, which is highly dependent on U.S. infrastructure. The highlighted themes and objectives are consistent with how Washington is navigating the global technological decoupling and will surely support the U.S.'s economic resilience and cybersecurity in an age of multipolar global disorder. As recognized in the strategy, national cybersecurity cannot be future-proofed, and the government's response to current threats and those not yet conceived will rely on the ability of government agencies, regulators, the private sector, and users to collaborate on the Biden administration's approach.
In looking forward, implementation will be a key concern for this strategy and its impact on tech manufacturers, service providers, and users. The successful implementation of this strategy will dictate the security and resilience of U.S. cyberspace and also shape broader dynamics, as allies look to follow suit and adversaries look to use cyber tools to threaten U.S. security. The potential for the strategy to result in inclusive regulation will depend on how quickly and effectively lawmakers and the private sector can align on the tenets of the Biden administration's approach. Considering the diversity of ways in which private sector entities are relevant to the strategy and its proposed policy approaches, this could be simple in some areas but remain complex in most.
Divyanshu Jindal is a Non-Resident Scholar with MEI's Strategic Technologies and Cyber Security Program and a Research Associate at NatStrat, India. His work focuses on the geopolitics of tech and cyber and India's cyber diplomacy.
Mohammed Soliman is the director of MEI's Strategic Technologies and Cyber Security Program, and a Manager at McLarty Associates' MENA Practice. His work focuses on the intersection of technology, geopolitics, and business in emerging markets.
The Middle East Institute (MEI) is an independent, non-partisan, non-for-profit, educational organization. It does not engage in advocacy and its scholars' opinions are their own. MEI welcomes financial donations, but retains sole editorial control over its work and its publications reflect only the authors' views.