Government operates at roughly three levels: municipal, state, and federal. At each level, there is a wealth of valuable information that must remain private either for individual citizens’ protection or national security reasons.
However, when the military’s research wing, Defense Advanced Research Projects Agency, or DARPA, created the “ARPANET,” they laid the cornerstone for the modern Internet that everyone uses today, and everything changed. The ability to send, receive, and access information online made data-based technologies much more efficient but also much more vulnerable. Ever since then, cybersecurity has been a major concern, as it should be.
CISA At Work
In 2018, the government formed a new organization known as the Cybersecurity & Infrastructure Security Agency, or CISA. As the name suggests, this new agency is dedicated to preserving the cybersecurity integrity of government digital infrastructure and other key infrastructure systems that may rely on government systems.
Since its formation, the agency has been evaluating the state of cybersecurity in the United States, and in September of 2022, it presented its strategic plan, which comprises two main spearheads.
Risk Reduction
The first and most important is reducing the vulnerability of various American government digital systems and making them more robust against cyberwarfare, both against private individuals and state-sponsored actors. 2022 has already demonstrated the importance of digital infrastructure as the world witnessed Russian hackers attempt to destabilize Ukrainian infrastructure, such as power generation, during their invasion. Large-scale intrusions have occasionally victimized various corporations and even medical facilities over the years that, compromised the private data of thousands of people. These are all lessons CISA is taking into account for the government’s own cybersecurity.
Resilience
Another key factor is the ability to respond in the event that a system is compromised and a disruption occurs. It’s not enough to create defenses to repel digital incursions; plans must be in place to respond and recover should a compromise occur. Any organization that has no precautions in place for a breach of defense can make a recovery extremely difficult, sometimes even impossible, if there was never a recovery plan in place and the entire system relied on never failing.
To this effect, CISA has worked on recognizing critical infrastructure, looking at the vulnerabilities in place for those systems, and working quarantine and recovery processes to aid in hastening the restoration of critical functions.
All of these cybersecurity measures encompass newer protocols, such as passwordless authentication systems. If you’re interested, you can learn more here about Nok Nok’s multifactor authentication technology and passwordless security measures.
