RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
2023/07/03 19:04:18

Information Security in the United States

Content

Cybercrime and cyber conflict in the US

Main article: Cybercrime and cyber conflicts: USA

Encryption viruses in the United States

Main article: Encryption viruses in the United States

2023

Former NSA chief becomes US cybersecurity director

On July 25, 2023, US President Biden appointed Harry Coker, a former head of the National Security Agency (NSA), to the post of national director of cybersecurity. His candidacy must now be confirmed by the Senate. Read more here.

Thousands of leaky GIS and devices found in US federal departments that can easily access government data

Hundreds of Internet-connected devices in the information infrastructure of US federal departments contain critical vulnerabilities. This is stated in a study by Censys, the results of which were released on June 28, 2023.

Experts studied the networks of more than 50 organizations of the Federal Civil Executive Branch. A total of more than 13 thousand different hosts were discovered, distributed over more than 100 autonomous systems associated with these structures. A variety of devices have been identified - from routers and firewalls with an open configuration to virtual private networks with remote access vulnerabilities.

Thousands of leaky GIS and devices found in US federal departments

Censys researchers searched for public remote control interfaces related to network equipment. Such devices are often used by cybercriminals as an access point to the IT network of the attacked organization. During the audit USA , more than 150 copies of the outdated, software including Microsoft IIS OpenSSL the Exim, were identified in the systems of federal departments. Experts have discovered devices Barracuda Email Security Gateway containing a critical zero-day gap. In addition, experts have found several unprotected file transfer services and more than 10 hosts that reveal lists of file system directories.

In general, as noted, the study reflects an "alarming discovery" in government networks and serves as a reminder of the importance of regularly checking IT systems for vulnerabilities. The findings come after the Cybersecurity and Infrastructure Protection Agency issued a binding operational directive requiring all federal civilian agencies to remove devices with public control interfaces from their networks.[1]

The Pentagon has developed a secret cyber strategy

May 26, 2023 U.S. Department of Defense presented To the congress a secret cyber strategy. The document, it is stated, is based on many years of real experience in conducting large operations in the information space.

One of the main goals of the 2023 strategy is the suppression of "malicious cyber activity" before it can have a negative impact on. An IT infrastructure states official unclassified bulletin released by the Pentagon states that the strategy takes into account the current geopolitical situation and how cyber capabilities can be used to influence opponents in large-scale conflicts.

Pentagon unveils secret cyber strategy to Congress

The authors of the document say that threats to the United States in cyberspace can come from China, North Korea, Iran and Russia. In addition, it is noted that the constant danger is posed by "militant extremist organizations" and transnational criminal groups.

To counter existing and future cyber threats, several key areas of activity are highlighted. In particular, the US Department of Defense will interact with interagency structures in order to use all available opportunities to ensure cyber resistance of critical IT infrastructure and to counter threats. In addition, it is planned to collect detailed information about the sources of danger. It is also said about the creation of sustainable advantages in cyberspace: the US authorities intend to invest in intelligence operations, the organization of scientific work and the introduction of advanced technical solutions. Plus, the strategy involves active cooperation with allies - including to build up cyber potential. In general, the Pentagon intends to "work to prevent conflicts where possible and prevail where necessary."[2]

US president signs executive order banning authorities from using spyware

On March 27, 2023, U.S. President Biden signed a decree prohibiting the authorities from using commercial spyware that poses a threat to national security. Read more here.

US Cybercom ​ ​ Command has created its own intelligence center

In early March 2023, US Cybercom announced the creation of its own intelligence center, after the department relied on other sources of information collection for many years. Read more here.

2022

US authorities allocated $1 billion for grants for state information security projects

U.S. Department of Homeland Security (DHS) cyber security September 16, 2022 announced the first ever grant program for State, Local and Territorial Authorities (SLTs) across the country. The volume of the program is $1 billion. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) jointly manage grants, with CISA identifying the main funding objectives:

  • Objective 1: Develop and establish appropriate governance structures, including the development, implementation or revision of cybersecurity plans, to improve cybersecurity incident response capabilities and ensure continuity of operations.
  • Objective 2: To determine the current state of cybersecurity structures and the direction of their improvement based on ongoing testing, evaluation and systematic assessments.
  • Objective 3: Implement protective equipment commensurate with risk.
  • Objective 4: To ensure that the organizations' cybersecurity personnel are adequately trained to meet their responsibilities.

US authorities allocated $1 billion for grants for information security projects

All 50 states and 6 territories are eligible to apply for funds under the program. All 50 states, the District of Columbia and the Commonwealth of Puerto Rico will receive at least $2 million each, which is 1% of the total funds allocated by DHS in fiscal 2022, and four territories will receive $500 thousand each. The remaining amount will be distributed depending on the ratio of the population of each state or territory to the population of all states and territories, for example, California will receive $7.8 million, and Vermont, located at the other end of the list, - $2.3 million.

File:Aquote1.png
Developing this grant program is a big step toward providing federal resources to help state and local authorities strengthen their cybersecurity defenses, says CSO Stacey O'Mara, senior director of government relations at Mandiant.
File:Aquote2.png

File:Aquote1.png
The required cybersecurity plans under the program will be approved for a two-year period and then reviewed annually to ensure that government organizations use investments made in previous grant years, thereby enabling the development of cybersecurity systems, O'Mara said.[3]
File:Aquote2.png

US Presidential Administration: The country lacks 700 thousand. IB-specialists

On July 18, 2022, the US presidential administration reported a large shortage of information security specialists in the country, which poses a threat to national security.

File:Aquote1.png
Given that approximately 700 thousand vacancies in the field of cybersecurity are currently not filled, America faces a national security challenge, for which we must take active measures, the White House said in a statement.
File:Aquote2.png

The United States lacks 700 thousand. IB-specialists

It also says that on July 19, 2022, a meeting of representatives of various departments of the federal government was scheduled in the US presidential administration, at which issues of training specialists in the field of cybersecurity and attracting new personnel will be discussed. The event was planned personally by Chris Inglis, director of cybersecurity for the US presidential administration.

As one of the possible solutions to the personnel problem, personnel training is called not only at the undergraduate program, but within the framework of secondary special education programs. According to American experts, not all information security specialists need four years of study at the university to fulfill their tasks.

According to Dan Weeks, director of employer partnerships at Fullstack Academy, cybersecurity employers in the United States are in dire straits in tight budgets by July 2022, as they tend to be a cost center rather than a profit center, as is the case with software organizations.

File:Aquote1.png
Experienced information security specialists often do not have time to mentor and develop entry-level talents to outperform competitors. In contrast, software organizations place a strong emphasis on adapting and mentoring entry-level employees, he noted.[4]
File:Aquote2.png

2021

US Congress approves $770 billion defense budget

In December 2021, the House of Representatives of the US Congress adopted a draft defense budget for the country of $770 billion for fiscal 2022. Some of the money will go to ensure national information security, namely:

  • $654.8 million - for "cyberspace operations," including measures to minimize risks to critical infrastructure;
  • $726.2 million - for cybersecurity, taking into account spending on minimizing risks to cybersecurity supply chains;
  • $474.7 million - for the development of 5G networks for defense purposes;
  • $100 million - for the development of quantum technologies.

US Congress approves $770 billion defense budget

The bill approved by congressmen after that began to be considered by the Senate, but due to disagreements between Republicans and Democrats, it was never approved. In this regard, representatives of the relevant committees of the upper and lower chambers of Congress prepared a new, compromise version of the draft budget. It was approved in the Senate.

This bill provides for the creation of a research network in the field of microelectronics and obliges defense contractors to revise the sources of supply of printed circuit boards in some systems.

In addition, the initiative is designed to eliminate duplicate IT contracts of the US Department of Defense. By May 31, 2021, the department will have to report to Congress on the results of this work.

Another innovation is that IT and data executives at the Pentagon will have to develop a plan to consolidate the IT systems used in the defense industry. Some systems may be decommissioned.

Also, the draft law on the defense budget provides for the expansion of the role of the US National Guard in cyberspace. It is assumed that this type of armed forces, among other things, will assess the level of cyber defense at critical infrastructure facilities.[5]

US authorities allocated $1.9 billion for the country's cybersecurity

In early November 2021, the House of Representatives of the US Congress approved an infrastructure bill for $1.2 trillion, which provides for the allocation of $1.9 billion to ensure the country's cybersecurity. 228 congressmen voted for the adoption of the bill, which has already received the approval of the Senate, 206 against.

The law on financing infrastructure projects provides for the allocation of almost $2 billion to funds supporting cybersecurity initiatives in the United States. Of this amount, $1 billion is allocated to create a new grant program to improve the cybersecurity of authorities at all levels.

The US government has allocated $1.9 billion for the country's cybersecurity

The funds will be disposed of by the Federal Emergency Management Agency (FEMA), which administers existing Department of Homeland Security (DHS) grant programs, over a four-year period beginning in fiscal 2022. The Cybersecurity and Infrastructure Protection Agency (CISA) will act as a subject matter expert in the allocation of funds. The bill also provides for the annual allocation of $100 million over five years for the response of the federal authorities in the event of cyber attacks on public and private companies.

In addition to cybersecurity, the bill also includes an increase in infrastructure costs by $550 billion, of which $110 billion will be used to restore roads, $73 billion for the power grid and $66 billion for the development of railway communications. In addition, the document talks about the costs of expanding broadband Internet access, improving the water supply system, public transport, as well as implementing initiatives to protect the environment from the impact of climate change.[6]

Notes