The Biden administration is shoring up its cyber defences by implementing a “zero trust” cybersecurity strategy for federal agencies and demanding an “intense focus” on cyber threats from the National Security Agency (NSA) and US Cyber Command. The changes reflect the heightened importance of cybersecurity to the government in the wake of some high-profile attacks on US businesses and infrastructure.
On Tuesday, General Paul Nakasone, the leader of the NSA and US Cyber Command, told the Associated Press that US government specialists are mounting a “surge” against cyberattacks targeting the public and private sectors. “Even six months ago, we probably would have said, ‘Ransomware, that’s criminal activity,’ but if it has an impact on a nation, like we’ve seen, then it becomes a national security issue,” he said. “If it’s a national security issue, then certainly we’re going to surge toward it.”
Why is the US bolstering its cyber defences?
Attacks such as those on Colonial Pipeline and the meat processing company JBS have focused minds on the importance of cybersecurity. As part of this renewed focus, the Biden administration has released the blueprints for a zero-trust cybersecurity initiative to be implemented across all federal agencies.
Both announcements are indicative of a considerable concentration on online security, and could be part of a wider cybersecurity strategy termed ‘persistent engagement’, implemented by the Pentagon-led US Cyber Command, says Franz-Stefan Gady, fellow at UK think tank the International Institute for Strategic Studies (IISS). “General Nakasone’s comments about mounting a surge to fight cyber incursions are in line with US Cyber Command’s strategy of ‘persistent engagement,’ which may include pre-emptive cyber operations against networks of malicious actors in cyberspace,” he says.
Persistent engagement is a two-pronged strategy designed to minimise the risk of an attack by reducing the ability of threat actors to carry out an offence, while also lessening opportunities to infiltrate their systems.
Will zero trust make a difference?
A zero-trust approach to security involves maintaining strict controls and not trusting anything by default, whether it originates from inside or outside of an organisation. Its introduction by the Biden administration “is part of a layered cyber defence approach the US is trying to implement,” says Gady.
Max Heinemeyer, director of threat hunting at UK security company Darktrace, believes such tactics are “absolutely necessary” in today’s security environment. “While it is not the silver bullet to protect against cyberattacks, zero trust is an important step in achieving cyber resilience that is required for any organisation today,” he explains. “Instead of assuming trust – in suppliers, internal networks, the research department, VIPs – everything is questioned, with only the bare minimum of permissions granted, and security teams operating on the principle that they’re already breached.”
The multi-layered security approach outlined in recent weeks by the US government comes alongside a new willingness to work with the private sector when responding to cyberattacks, says Emily Taylor, associate fellow at think tank Chatham House. She adds that some impressive recruitment has also bolstered the in-house security expertise at the government’s disposal. “They’ve filled some of the top cyber positions with experienced practitioners, they’ve got a lot of experts,” she says.