Dive Brief:
- The Biden administration plans to launch aggressive actions to enhance cyber resilience across key critical infrastructure sectors, including the healthcare and water sectors, which were the targets of significant threat activity in recent months, according to a report released Tuesday by the Office of the National Cyber Director.
- The U.S. wants to speed the flow of intelligence sharing and facilitate closer cooperation with the private sector. The administration also plans to enhance its ability to proactively disrupt threat activity and take down malicious actors.
- “We are in the midst of a fundamental transformation in our nation’s cybersecurity,” National Cyber Director Harry Coker Jr., said in a statement. “We have made progress in realizing an affirmative vision for a safe, prosperous and equitable digital future, but the threats we face remain daunting.”
Dive Insight:
The report, released Tuesday as the cybersecurity community gathered at the annual RSA Conference in San Francisco, highlighted major improvements in the nation’s cybersecurity posture since the launch of the national cybersecurity strategy last March.
There is a significant threat from Volt Typhoon, a China-affiliated threat group, that has actively targeted U.S. critical infrastructure providers for destructive cyberattacks as a diversion from potential military action in the Asia Pacific region, the report said.
Ransomware groups are ramping up double and triple extortion activity against U.S. organizations, too, the report said.
The examination of the U.S. cybersecurity posture arrived as officials released an update on the administration’s cyber implementation plan.
The U.S. still needs additional work to help strengthen the resilience of its private sector partners, which own and operate much of the nation’s critical infrastructure. Among the concerns are enhancing the risks of using aging technology, both in the government and critical infrastructure sectors, in terms of being vulnerable to sophisticated attacks.
“The posture report repeatedly highlights the ongoing migration of government, business and utilities to cloud service providers as both a positive step and one that requires greater attention to detail on the security front,” said Mark Montgomery, senior director at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies.
The administration is taking steps to improve the resilience of private sector partners, including the U.S. Cyber Trust Mark program, which is designed to highlight secure technology products and an industry pledge through the Cybersecurity and Infrastructure Security Agency to develop secure software.
However analysts raised questions whether the administration will be able to truly gain full cooperation from the private sector moving forward.
“To make progress in the war against cyber insecurity, the White House will need to engage and harmonize,” Katell Thielemann, distinguished VP analyst at Gartner, said. “At the moment, private industry feels a deluge of new mandates coming from all corners.”