Governments Urged to Get Back to Basics to Stay Ahead of Cybersecurity Threats
Global cybercrime costs are expected to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. Government institutions are frequent targets for cybercriminals and state-sponsored actors, posing increasing risks to their systems and assets.
In a Global Government Forum webinar, expert panelists from the US federal government, the United Nations, and the private sector discussed strategies for improving cybersecurity and services for users.
Cybersecurity Challenges and Solutions
Paul Selby, Deputy Chief Information Officer and CISO at the US Department of Energy, delivered a sobering evaluation of the current state of cybersecurity. Despite years of industry focus on the topic, Selby remarked, “If we were to do an objective assessment, I think we’d have to give ourselves very poor marks for where we actually are in cybersecurity.”
Selby emphasized the need for organizations to return to basic cyber hygiene practices, noting that many applications still lack essential security measures such as multi-factor authentication and data encryption.
The Department of Energy, which employs over 125,000 people across 17 national laboratories and 37 field offices, recently launched its own cybersecurity strategy. This strategy aligns with the Biden administration’s five-pillar national strategy, which focuses on:
- Defending critical infrastructure
- Disrupting and dismantling threat actors
- Shaping market forces to drive security and resilience
- Investing in a resilient future
- Forging international partnerships to pursue shared goals
Global Collaboration and Cybersecurity as a Developmental Challenge
Yu Ping Chan, head of digital partnerships and engagement at the United Nations Development Programme (UNDP), emphasized the need for global cooperation in cybersecurity. She highlighted that many developing countries face significant challenges, including a lack of cybersecurity skills, language barriers, and limited internet access in rural areas.
Chan stressed the importance of treating cybersecurity as a developmental challenge, not just a technical one. The UNDP is working with the International Telecommunications Union (ITU) to help developing nations build cyber capacity. Discussions are underway with the US government to fund programs aimed at addressing cybersecurity capacity gaps.
Implementing Zero Trust and Modern Solutions
Ryan Zacha, principal solutions architect at Booz Allen, discussed the zero trust model, which assumes no user, device, or system is inherently trustworthy. Zacha highlighted the importance of building security by design and leveraging modern solutions to enhance cybersecurity while improving system performance.
In July 2024, a White House memo directed federal agencies to align budget requests with the national cyber strategy and implement zero trust solutions. Zacha noted the success of applying DevSecOps in mission-critical projects, such as healthcare.gov and Department of Defense data platforms, to ensure security is integrated from the start.
The Role of AI in Cybersecurity
Jason Ralph, director of the Security Operations Center at the US Department of Labor, pointed out that artificial intelligence (AI) is playing a growing role in cybersecurity. While AI can streamline processes such as transcription and customer support, Ralph cautioned that defensive measures must be in place to ensure AI tools are functioning as intended.
The department has adopted a zero trust framework and is working on initiatives such as authentication enhancements, data encryption, and log ingest improvements to combat phishing and other evolving threats.
Evolving Threat Landscape
The speakers stressed that while cyber threats are constant, the tools and techniques used by both attackers and defenders are evolving. Technologies like generative AI are making phishing attacks more sophisticated, and quantum computing poses a future threat as adversaries collect data now to decrypt it later.
As Zacha remarked, “The ‘water rises lift all boats’ approach is probably a great way to look at this. As we increase cybersecurity spending across the global environment, that helps security around the globe in all ways.”
Governments worldwide must focus on cyber hygiene, invest in resilient cybersecurity infrastructures, and foster international collaboration to stay ahead of the growing cybersecurity threats.
