The new president of the United States, Joe Biden, has made plans to improve cybersecurity throughout the U.S. government. Last month the U.S. was heavily affected by the SolarWinds data breach which affected the U.S. Departments of Treasury, Commerce, Homeland Security, and State. Other breached entities include cybersecurity company FireEye, Microsoft, and of course, the IT company at the center of the incident, SolarWinds. SolarWinds stated that they believe 18,000 of their 300,000 customers were infected as a result of this data breach, making it one of the largest and most impactful cybersecurity breaches of 2020.
Following the SolarWinds incident, which was attributed to Russian hackers, many CISOs and the U.S. government as a whole got a reminder of how important cybersecurity is. In fact, these types of attacks by foreign governments are not new. Under the Obama administration there was confirmation of the White House being recorded and Russian tampering of the U.S. elections. There are countless examples of nation-state hacking. The Biden administration has taken a strong stance on changing this and has outlined several cybersecurity initiatives amounting to a $10 billion investment in government cybersecurity.
Part of this includes hiring a group of national security experts to improve cybersecurity nationwide. Under the Trump administration, cybersecurity was demoted as a policy field and cybersecurity positions within government were reduced. This $10 billion investment serves to undo this and move the United States towards a more secure future, you can read more about this initiative here.
While $10 billion may sound like a large sum of money, some people don’t think it is nearly enough. One notable person was Tom Kellermann, Head of Cybersecurity Strategy for VMware. He stated that this should be considered a “down payment” towards a much larger investment in cybersecurity. He suggested that the number should be $100 billion over time, suggesting that the U.S. has a long way to go before their government cybersecurity programs are considered up to par. You can read more about his take on the situation on his podcast here.
Joe Biden’s cybersecurity team is going to be composed of both government and commercial security experts. This balance is important because government experts will be familiar with current government practices, the vulnerabilities associated with those practices, and the unique threat that nation-state actors pose to the U.S. government. The commercial security experts can provide expertise on innovation and newer solutions that could be useful in modernizing the U.S. government’s approach to fixing their inherent vulnerabilities. This is a direct result of being in the private sector where you have to innovate quicker and be more efficient to stay ahead of the competition. The experience of the government security experts combined with the modern tech and solutions of the private sector could help the U.S. greatly improve their cybersecurity practices.
Joe Biden is proposing a big commitment to improving cybersecurity within the U.S. According to bankinfosecurity $9 billion will be dedicated to helping the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the General Services Administration (GSA) complete cybersecurity and IT modernization projects. While the other $1 billion will be spread across several projects throughout the government. Notably $200 million will be dedicated to hiring security experts.
While money may not be a problem anymore, available expertise might be. During a Forcepoint podcast, Phil D’Ango (VP of Sales – Data Protection and Insider Risk Solutions) discussed why millennials aren’t joining cybersecurity as much as people might expect. This contributes to the overall deficit of cybersecurity professionals in the U.S. that is estimated to be around half a million. It’s sad to imagine, but the biggest vulnerability that our government faces may be a lack of skilled cybersecurity professionals.
Do you want to learn more about cybersecurity? Please subscribe to our newsletter.