At a glance.
- Planning for implementation of Biden's national cyber strategy.
- US cybersecurity looks to the cosmos.
Planning for implementation of Biden’s national cyber strategy.
While speaking at the RSA Conference this week, Acting National Cyber Director Kemba Walden said that a plan to enact the US’s recently released national cyber strategy could be unveiled by early summer. As the Record explains, Walden’s office, in collaboration with the Office of Management and Budget, will be overseeing implementation of the strategy, which came out just last month. After explaining that officials had been working on assigning roles and responsibilities, Walden stated, “When this implementation plan is published, it's not going to be sexy. It's really going to be about who's accountable for what, who's responsible for what in the policy making process.” She went on to say that creation of the implementation plan would be inclusive of voices outside government, and that it would be “dynamic and interactive,” changing as tasks are completed. OnShore Security notes that although the implementation plan has not yet been released, there are things corporations and cybersecurity organizations can prepare for now. For example, new legislation can be expected to uphold the strategy’s goal of shifting responsibility for cybersecurity from users and smaller businesses to the larger corporations that drive most tech development. Experts say businesses can make provisions now for the expected changes by taking inventory of their organization’s cloud-based infrastructure and data vendors, developing a plan to meet security requirements, and becoming familiar with the company’s cyber insurance policy.
US cybersecurity looks to the cosmos.
At the conference Walden also announced that she’ll be going to Long Beach, California to talk to local firms about their views on cybersecurity of the space sector. The Washington Post reports that Russia’s attack on US firm Viasat’s European satellite network last year has made securing the space ecosystem a focus for lawmakers. Walden stated, “We are all aware that the first ‘shot’ in the current Ukraine conflict was a cyberattack against a U.S. space company. So, there is strong agreement across public and private sectors that this is urgent and requires high-level attention.” As well, earlier this week leaked documents confirmed that US lawmakers are concerned about vulnerabilities in the space sector, and that China is working on cyberweapons capable of taking over other nations’ satellites. Walden went on to say that the space cybersecurity effort would require collaboration between government and the private sector, and that the diffuse nature of the space ecosystem – which includes not only the base stations that communicate with satellites, but also the startups that are taken over by larger tech firms and the venture capital firms that provide funding – means a “security-by-design” approach will be essential. Last month, Walden’s office and other agency leaders met with members of the space industry to discuss threats to the sector. The Commerce Department has plans to host a symposium on the topic, and the National Institute of Standards and Technology is working on a report demonstrating how its cybersecurity framework can be applied to space. The Cyberspace Solarium Commission has recommended that space be included in the federal government’s list of critical infrastructure, and while it’s unclear whether this will happen, Walden stated, “The benefits of having something designated as critical infrastructure really are being able to organize and have people at the table having policy conversations. We’re doing that anyway, whether space systems are designated or not.”