One Year After the release of the Biden administration’s National Cybersecurity Strategy
Published in the March 8, 2024 Morning Cybersecurity Newsletter
The strategy has helped spark action and raise awareness around protecting critical infrastructure from cyber threats. Agencies like CISA have kicked into high gear, conducting nearly 6,700 interactions in 2023 with organizations or systems that could be potentially targeted for cyberattacks.
The U.S. has also made cyber inroads internationally — a key pillar in the strategy — which includes working with Indo-Pacific allies to boost undersea cable security and gearing up to launch the State Department’s international cybersecurity strategy in the coming weeks.
National cyber director Harry Coker said in a blog post this week that “federal agencies have made progress on all 69 initiatives” with more than 20 already completed.
And let’s not forget another major win: scoring new and free logging data for federal agencies from Microsoft — putting the onus on big tech providers over private industry to take more of the burden on security, a key strategy goal.
But translating that messaging into actual improved cyber postures on the ground has been tougher in some sectors due to reluctance among many firms to undergo full evaluations and develop comprehensive cyber plans.
“The slow uptake by some entities to establish baselines and develop security roadmaps points to resource constraints, both financial and in terms of skilled personnel needed to comply with regulatory standards,” Patrick Gillespie, the practice lead for operations technology at GuidePoint Security, tells MC. Gillespie says the hesitation points to delays in directives and legislation particularly for “covered pipelines” in the water sector. It’s visible more than anywhere now in health care, where the long-awaited security rules [go.politicoemail.com] from the Department of Health and Human Services for protecting patient data have yet to materialize despite heavy ransomware threats.