As one of the most contentious and unconventional U.S. election cycles in history staggers to a close, cybersecurity experts are shifting their focus from preventing cyberattacks on America's voting infrastructure to holistically beefing up national cybersecurity across all fronts.
The National Cyber Strategy is the official framework used by the U.S. government to secure American networks, systems, and data and to support a secure, thriving digital economy. The primary function of the National Cyber Strategy is to give the U.S. and its allies the freedom and resources to deter and punish cybercriminals while preserving an open, reliable, and secure internet.
The National Cyber Strategy was most recently updated by the Trump administration in 2018. But the world has changed a lot since 2018, and many of those changes have had a profound impact on cybersecurity.
As we move into a new year and a new presidential administration, there are several key priorities the updated National Cyber Strategy must focus on and address in 2021.
Eliminate Foreign Involvement in U.S. Elections
Foreign adversaries have a track record of attempting to influence U.S. elections to promote the candidate that aligns most with their national interests. Election interference comes in several forms, including disinformation campaigns, ballot tampering, data breaches, and full-scale attacks on the voting infrastructure.
The 2020 presidential election appears to have weathered interference attempts fairly well, due in large part to lessons learned from the rocky 2016 election. Going forward, national cybersecurity officials will have to maintain this high level of preparedness by tracking known threats and utilizing the latest technology to identify and neutralize evolving threats.
Enact Widespread COVID-19 Contact Tracing
In 2018, few people could imagine a global crisis like the one we endured in 2020. As COVID-19 spread around the world, contact tracing became an essential tool for mapping outbreaks and trying to reduce transmission of the virus.
At first glance, contract tracing apps seem like the ideal way to get citizens involved in the effort to get back to normal life as soon as possible. In reality, there has been pushback against contact tracing technology because of the perceived “Big Brother” privacy issues.
However, the larger security problem may be that these apps provide the perfect vehicle to spread ransomware to health and governmental IT systems.
To be really useful in controlling the spread of COVID-19, contact tracing data from every user’s app must be shared in real time with local, regional, and national health and government IT systems. This level of interoperability across so many key systems is irresistible to cybercriminals, and a successful breach could have catastrophic consequences on both data security and government and healthcare operations.
Enlist States’ Help in Cybersecurity Efforts
The U.S. Senate recently passed an amendment requiring the Department of Homeland Security to create a Cybersecurity State Coordinator position in every state to assist with cyber protection initiatives. This move allows the federal government to shift some cybersecurity responsibilities onto the states themselves, while still providing the necessary resources and technical knowledge to secure their systems or respond in the event of an attack.
State and local governments will work in concert with the federal government to ensure they are prepared to act quickly and efficiently to defend against the increasing number of ransomware and other cyberthreats against hospitals, businesses, and government agencies.
Secure Critical Infrastructure
Digital transformation within the 16 critical infrastructure sectors has created vulnerabilities that allow cybercriminals to infiltrate systems and disrupt services, with potentially catastrophic consequences to society and government.
The assets, systems, and networks of these critical infrastructures provide vital support to the United States. A successful attack on one or more of these sectors would have a far-reaching and debilitating effect on national security, potentially impacting everything from the economy to public health and safety.
Protect Hospitals and Healthcare Systems
In 2021, we can expect to see the upward trend of cyberattacks on healthcare organizations continue. Health data is worth more on the black market than financial data, such as credit card numbers, so these networks are attractive targets for ransomware operators.
The implications of a successful attack on a hospital or healthcare facility go far beyond a financial hit. Because downtime and data loss in these environments could be life or death, the healthcare sector is more likely than other industries to go against the advice of cybersecurity experts and pay the ransom, which only adds to their appeal for cybercriminals.
Beef Up Remote Workforce Security
When COVID-19 hit the U.S., millions of office workers suddenly became home-office workers with little to no security infrastructure to support them. These workers still needed access to company resources, which created millions of minimally secured endpoints offering easy pathways to mission-critical corporate and government data.
Until a vaccine is readily available and business returns to something resembling normal, IT security teams will need to continue to adopt secure remote access initiatives that allow employees to stay productive while keeping the company’s attack surface as small as possible.
Address Shortage of Cybersecurity Professionals
Compounding the challenges that need to be addressed in the updated National Cyber Strategy, there are not enough skilled cybersecurity professionals to meet the increase in demand for this skillset.
As cybercrime rates ratchet up, IT departments will be stretched even further, leaving security patches undone and creating additional vulnerabilities.
Although we are all counting on 2021 being far less eventful than 2020, now is not the time to let our guard down, especially when it comes to cybersecurity. Hopefully, the incoming administration will make protecting U.S. networks, information systems, and data a priority. In the meantime, download Your Guide to a Ransomware-Free Future to learn how to protect your organization from the inside.