Along with a new president come new challenges. And now, all eyes are on President Joe Biden, as everyone is anxiously waiting for his strategies and directions.
From a broader political perspective, cyber threats are an essential part of the national security strategy. And the Biden administration sure has its work cut out, as 2020 ended with the infamous SolarWinds hack. Labeled as one of the biggest attacks in history, it revealed that America is targeted by super-advanced espionage techniques.
The wide-scale attack drew Biden’s attention, as he ordered a SolarWinds intelligence assessment. Many security specialists applauded this step, but there are still plenty of points on the digital agenda waiting to be dealt with.
Let’s find out more about the cybersecurity challenges the US will have to withstand.
New Appointments to the Cybersecurity Force
This is not Biden’s first time at the rodeo, as he also dealt with cybersecurity issues during his vice-president tenure in the Obama era. Chinese espionage, encryption as well as the Russian involvement in the election were the main troubles back then.
Recently, the President recognized that cybersecurity is “one of the preeminent challenges of our time.”
We’ve elevated the status of cyber issues within our government,” Biden said as part of a national security speech at the State Department. “We are launching an urgent initiative to improve our capability, readiness, and resilience in cyberspace.
According to the Biden administration, allocating resources for cybersecurity was never a priority under Donald Trump’s command, but they stressed this needs to change.
The Biden administration has agreed to offer funds for the following areas:
- Over $10 billion in cybersecurity and information technology funds. These are part of the $1.9 trillion COVID-19 recovery proposal, describing the nation’s cybersecurity as in crisis.
- $690 million for the Cybersecurity & Infrastructure Security Agency (CISA). The sum should help boost agencies’ cyber-defenses and pilot a new shared security and cloud computing service.
- A $25 million federal grant to support cybersecurity education, especially at colleges and universities. The aim is to encourage students to pick careers in the field.
One theme from hearing so far: interest in making CISA the civilian fed govt's network defender. Not just helping, but actually supervising improvements to agencies' networks.— Eric Geller (@ericgeller) February 10, 2021
One suggestion made: let agencies offload accountability to CISA in exchange for giving up authority.
The President also mentioned he would launch an “urgent initiative” to improve the nation’s cybersecurity against adversaries like Russia and China.
So far, Biden’s administration has appointed new professionals to key positions. Significant name changes within the cyber and security state organizations include:
- Anne Neuberger, the former director of the National Security Agency’s Cybersecurity Directorate, becomes the new deputy national security adviser for cyber and emerging technology.
- Chris DeRusha, a former cybersecurity official during the Obama presidency, is the new government’s Chief Information Security Officer. DeRusha also worked for the Biden campaign to prevent a repeat of the 2016 Russian hacking.
- Michael Sulmeyer becomes Senior Director for Cyber within the National Security Council (NSC).
- Caitlin Durkovich is now the Senior Director for Resilience and Response at the NSC.
- Elizabeth Sherwood-Randall and Russ Travers are the new Homeland Security Advisers.
What’s more, President Biden will open a cyber-focused office reporting to a new National Cyber Director. The office will coordinate the federal government’s vast cyber capabilities.
The American Cybersecurity Strategy Plan
The 2018 National Cyber Strategy was the first US cybersecurity strategy issued in 15 years and the second in its history. An essential part of the plan was the authorization of the bipartisan Cyberspace Solarium Commission.
Inspired by Dwight Eisenhower’s “Project Solarium,” the cyberspace commission was further enacted in 2019 under the National Defense Authorization Act. The commission focused on “developing a consensus on a strategic approach to defending the United States… against cyber-attacks of significant consequences.”
Yet, the Cyberspace Solarium Commission’s report concludes:
“We must get faster and smarter, improving the government’s ability to organize concurrent, continuous and collaborative efforts to build resilience, respond to cyber threats, and preserve military options that signal a capability and willingness to impose costs on adversaries.”
The report mentions quantum computing and security threats to space assets as some of the toughest future challenges for the long run.
The recently updated Cyberspace Solarium Commission report outlines some recommendations for the Biden administration:
- Disrupt and deter adversaries from carrying out effective cyberattacks.
- Integrate cyber centers and create a joint cyber planning office within CISA.
- Safeguard high-tech supply chains.
- Upgrade management of cybersecurity activities.
The White House expects tech start-ups and private industry to work with government agencies and develop artificial intelligence and quantum computing products that could block cyber threats.
Creating the Blueprint for Addressing Cybersecurity Challenges
The first year of the pandemic came along with unanticipated and underrated cybersecurity challenges and a rise in cybercrime. In the US alone, internet traffic increased by 40%, increasing the need for security and reliability in the digital ecosystem.
Better Defenses Against Supply Chain Attacks
In response to the SolarWinds hack, an alleged Russian spying operation, President Biden has emphasized the need to get to the bottom of it. He also stated he would further apply a new approach to multiple supply chain security initiatives.
Security specialists believe Biden’s choice to respond to Russia could shape the first year of the new administration’s cybersecurity work.
Faster Response Time to Ransomware Attacks
As a growing cyber-crime, ransomware is also a challenge for the Biden administration.
Learn what is ransomware and how to protect yourself against it.
Preventive ransomware measures should include:
- Backing up IT resources and data.
- Clear step-by-step plans when disruptions to computer systems occur.
- Organizations training in realistic cyber response plans.
More Efficient Fake News Tackles
The COVID-19 crisis highlighted the fact that foreign influence operations go beyond political campaigns and elections.
For example, China has been spreading fake news about the origin of the coronavirus. Meanwhile, Russian and Iranian sources have also been fabricating conspiracy theories about the pandemic.
The situation calls not only for identifying fake news but actively fighting against it.
A few other privacy-conscious measures many American people expect include:
- The reformation of Section 702 of the FISA Amendments Act that permits the warrantless electronic surveillance against non-US targets outside the country.
- Changes in the Lawful Access to Encrypted Data Act (LAED). The act currently gives The Justice Department the freedom to request device manufacturers or communication providers to decrypt data.
- A reconsideration on a proposed rulemaking to expand the collection of biometrics from applicants for immigration benefits.
Scoop: Virtually every team in the National Security Council, from technology to global health to international economics, will incorporate China into their work.https://t.co/viCAPtoaU5— B. Allen-Ebrahimian (@BethanyAllenEbr) February 2, 2021
An Executive Order to Boost Cyber Resilience
In May, President Biden introduced an executive order to increase the overall cyber -resilience and cybercrimes management solutions provided by the federal government.
The decision came as a response to recent incidents and vulnerabilities such as the ransomware attack on Colonial Pipeline, the FBI removing web shells from US servers, and the SolarWinds attack.
The executive order compels all executive branch federal agencies to enforce cybersecurity best practices such as:
- a zero trust security model
- multi-factor authentication
- accelerated integration to secure cloud services
- data encryption at rest and in transit “to the maximum extent”
Agencies have 180 days to implement these procedures; those that fail to meet this deadline will need to provide a written explanation why not.
The order also mentions the need to remove any barriers in sharing threat information. This new policy states that all national agencies should collaborate with IT service providers and mutually share information about cyber threats and incidents. This requires legal stipulations that would eliminate any current contractual barriers.
Foreseeing a Better Response to Digital Attacks
Cybersecurity has been and will remain a top global threat for the foreseeable future. Case in point: all the hacking and influence operations taking place.
Now, America’s cybersecurity specialists are getting ready for a new fight, backed by a worried administration.
Let’s hope this will also translate into a safer digital space for all.
Do you believe the new US administration can tackle all the current cyber threats while also getting future-proof?
Let me know in the comments below.