The U.S. federal government has sharpened its focus on cybersecurity in recent months; the Department of Defense released its zero trust strategy and roadmap at the close of 2022, and the Biden-Harris administration debuted a new national cybersecurity strategy just last week.
In a statement published March 2, 2023 the White House said the country must “reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and diverse society,” in what it calls a “decisive decade.”
The policy document places more responsibility on commercial companies, software providers and government contractors to ensure that their own systems are resilient and secure, and it also calls for the FBI and the DOD to increase their efforts to thwart cyber attacks.
Here’s what the new guidance says about cloud, its role in the cybersecurity conversation and its impact on innovation within the government:
Join the critical conversation about cloud, cybersecurity and national security happening this month. The ExecutiveBiz Cloud Security Forum on March 22 features the DOD’s Dave McKeown and other leading voices in the cloud discourse from government and industry. Register here.
CSPs to Take Accountability in Critical Infrastructure Cybersecurity
One of the strategy’s main objectives is to establish cybersecurity requirements that ensure national security and better protect the country’s critical infrastructure. As cloud service providers play an exponentially increasing role in these critical sectors, their responsibility for ensuring operational resilience grows.
The document places more accountability on the commercial sector and the cloud companies that provide services to critical infrastructure sectors to lead the industry in cybersecurity practices and standards.
“The Administration will identify gaps in authorities to drive better cybersecurity practices in the cloud computing industry and for other essential third-party services, and work with industry, Congress, and regulators to close them,” the strategy states.
Cloud Migration Accelerates Legacy System Replacement
The new White House policy calls attention to the Office of Management and Budget’s zero trust architecture strategy, which directs federal civilian executive branch agencies to adopt cloud security tools, better manage authorization and access and implement tools to see and secure their networks.
However, the Biden administration notes in the document that “these and other cybersecurity goals cannot be achieved unless Federal IT and OT systems are modernized so they are capable of leveraging critical security technologies.”
In response, the OMB is tasked with developing a multi-year plan to accelerate technology modernization and cloud migration while eliminating all outdated legacy systems that are incapable of moving to a zero trust framework.
“Replacing legacy systems with more secure technology, including through accelerating migration to cloud-based services, will elevate the cybersecurity posture across the Federal Government and, in turn, improve the security and resilience of the digital services it provides to the American people,” according to the strategy.
Mitigating Threats that Exploit Cloud Infrastructure
The guidance also sheds light on the drastically rising threats facing U.S.-based cloud infrastructure and calls on government agencies to play a more active role in shutting down cyber attacks and preventing them from even happening at all.
“The Federal Government will work with cloud and other internet infrastructure providers to quickly identify malicious use of U.S.-based infrastructure, share reports of malicious use with the government, make it easier for victims to report abuse of these systems, and make it more difficult for malicious actors to gain access to these resources in the first place,” the document says.
Increased Cloud R&D Efforts
The new strategy increases the amount of research and development efforts focused on cloud, as well as other areas like AI and telecommunications.
“Departments and agencies will direct RD&D projects to advance cybersecurity and resilience in areas such as artificial intelligence, operational technologies and industrial control systems, cloud infrastructure, telecommunications, encryption, system transparency, and data analytics used in critical infrastructure,” states the policy.
Learn more about cloud technology’s role in cybersecurity during the Cloud Security Forum hosted by ExecutiveBiz on March 22. Click here to register.