At a glance.
- Cyber Defenders Council to promote American Defend Forward policies.
- Expected changes to US cybersecurity policy.
- CISA predicts major ramp-up in transition to EDR tech for federal agencies.
From the private sector: Cyber Defenders Council to promote American Defend Forward policies.
Since 2018, the US government has been employing a proactive “Defend Forward” strategy to combat foreign adversaries that use cyber operations to further their national interests. Experts have identified that such a strategy could be used to defend private organizations as well. To support these efforts, Cybereason has announced that it will sponsor the Cyber Defenders Council, an independent group of global cybersecurity leaders from the public and private sectors focused on adapting Defend Forward deterrence strategies for the private sector. The Council will publish a series of reports offering guidance for organizations deploying Defend Forward strategies, focused on increasing the costs for threat actors and strengthening organizations’ defensive measures. Cybereason released a document explaining the Council’s mission and outlining the six main principles of Defend Forward policy.
Expected changes to US cybersecurity policy.
National Security Presidential Memorandum 13 (NSPM-13), the US cybersecurity policy established in 2018 during the Trump administration, is expected to undergo a revamp in the coming months. To better explain NSPM-13 and the changes to come, Lawfare chronicles the history of cybersecurity policy in the US, starting with Presidential Policy Directive 20 (PPD-20). Issued by former US President Obama in 2012, PPD-20 is the first known White House directive focused on cybersecurity. The classified document was exposed to the public as a result of the Edward Snowden leaks.
Though NSPM-13 is classified, it reportedly requires less consensus from the federal government on time-sensitive cybersecurity decisions, instead giving authority to a delegation of officials under the Secretary of Defense. Fast-forwarding to now, sources say the Biden administration’s key change to NSPM-13 will be a requirement that the Department of Defense (DoD) inform the White House and State Department about any cybersecurity actions, to make sure those actions do not interfere with intelligence-gathering efforts or State Department relations with the nations involved. Opponents of such a change argue that it will stymie cybersecurity efforts by tangling them in unnecessary bureaucratic red tape, but supporters say it will provide the DoD with necessary guidance when making large-scale strategic decisions.
CISA predicts major ramp-up in transition to EDR tech for federal agencies.
In an executive order last year, US President Joe Biden mandated that all federal agencies deploy endpoint detection and response (EDR) technology in order to better track malicious activity. Dozens of agencies have already made necessary changes, and according to the Cybersecurity and Infrastructure Security Agency (CISA), that number is expected to drastically increase before the end of the fiscal year. SC Magazine reports that at Tuesday’s House Homeland Security Committee hearing, CISA executive director Eric Goldstein stated, “At this point we are in the process of deploying these EDR tools across 26 federal civilian agencies and expect to be underway at 53 agencies at the end of this fiscal year, only a few short months away. Which means not even a year-and-a-half after execution of the executive order, we will have EDR deployments in place underway at over half of the federal government, with more rolling out in the months to come.”
US federal chief information security officer Chris DeRusha also gave an update on the progress made so far in carrying out the zero-trust measures outlined in President Biden’s executive order, stating, “We picked a few of these measures that had the most impact and put the highest amount of priority you can have around them, metricking them, having engagements not just with CIOs and CISOs but senior agency leadership, multiple meetings with deputy secretaries tracking and measuring progress…and starting down the path of zero trust at agencies.”