MITRE: US Government Needs to Focus on Critical Infrastructure – Dark Reading

Between the ongoing Russian invasion of Ukraine, heightened tensions between China and Taiwan, and a growing number of attempted attacks on critical infrastructure such as power plants and water processing facilities, the US federal government has a lot to monitor in cyberspace. MITRE, the not-for-profit tech and engineering consultancy, outlined a set of priorities for the next presidential administration to focus on, regardless of who wins the 2024 election.

MITRE’s memo “Don’t Trust but Verify: Strengthening U.S. Leadership To Safeguard Our Cyber Defenses” identified areas the next presidential administration will need to prioritize, such as advances in quantum computing, protecting critical infrastructure, clarifying leadership roles, and implementing a zero trust framework within the federal government.

Priority 1: Protect critical infrastructure. In the first priority, MITRE called for the US Department of Homeland Security (DHS) to update recovery plans for the sector within six months and add such attacks to its National Preparedness System. MITRE also said DHS should start running simulations akin to natural disaster drills that can hammer out reactions like a company rehearsing its incident response plan. MITRE also said to upgrade legacy systems so that they can handle zero-trust principles such as microsegmentation and to enforce the use of software bills of materials (SBOMs), even expanding them to list out “cryptographic details.” Within 90 days, MITRE added, the federal government should identify ways to support local and state governments with their own security practices.

Priority 2: Implement zero trust and SBOMs. To protect critical infrastructure, the federal government should fully migrate to zero trust and require secure software development via SBOMs within the first six months of the new administration, said MITRE.

Priority 3: Prepare for quantum computing. The third priority, MITRE said, is to get ready for cryptographically relevant quantum computers. Within six months, again, the federal government should assess its own readiness for post-quantum cryptography (PQC) based on National Institute of Standards and Technology (NIST) standards, which are well on their way in the private sector. The government can use cryptographic information from SBOMs to identify which systems need upgrading. MITRE also suggested an industry group it formed, PQC Coalition, as a source of expertise in making commercial and open source software compliant with NIST’s PQC standards.

Priority 4: Clarify and strengthen authorities. The last of the top four priorities MITRE identified is to focus the roles and responsibilities of cybersecurity leaders and organizations. Within the first 90 days, the memo said, the new administration should comprehensively map out and clarify the cybersecurity authority, roles, and responsibilities of personnel across key government offices, and expand authority as needed. Finally, MITRE suggested spinning out the Cybersecurity and Infrastructure Security Agency (CISA) as an independent agency rather than keeping it within the DHS.

This post was originally published on the third-party site mentioned in the title of this site.