9 notable government cybersecurity initiatives of 2021

Governments are increasingly taking on cybersecurity threats, as these nine government-led initiatives from around the globe show.

US lawmakers propose American Cybersecurity Literacy Act

In June, bipartisan House lawmakers introduced a proposal for the American Cybersecurity Literacy Act, new legislation to boost cybersecurity awareness and knowledge of data security among internet users in the US. Currently under review by the House Committee on Energy and Commerce, the act sets out that the US has a national security and economic interest in promoting cybersecurity literacy, establishing that the assistant secretary for communications and information shall develop and conduct a cybersecurity literacy campaign of best practices to reduce cybersecurity risks.

Commenting on the proposal, Dave Stapleton, CISO at CyberGRX, tells CSO that the threat of cyberattacks and the need for meaningful countermeasures is proving to be one of the few matters that enjoys bipartisan agreement in the US government. “The American Cybersecurity Literacy Act’s focus on educating the American public is spot on. Quite often the threats facing us as individuals are the same, or derivative, of those facing corporations. We see this evidenced in the number of business email compromise (BEC) attacks that are received on employees’ personal devices. The line between our professional and personal lives is increasingly blurred, making a threat to an individual a likely threat to their employer.”

Identity-based attacks are some of the most common in both corporate and private America, and for good reason—compromising a legitimate identity is an efficient method to bypass the security safeguards implemented by individuals and their companies, Stapleton says. “Therefore, it is encouraging to see that the American Cybersecurity Literacy Act, if passed, will be zeroing in on the threat of phishing and the need for everyone to enable and use multi-factor authentication (MFA) whenever possible.”

French government releases cyberattack alert system

In July, the French government launched a new warning system for small- and medium-sized companies to support them in the event of cyberattacks, informing businesses of the actions they should take in response to incidents. The system was presented by Cédric O, secretary of state in charge of Digital Transition and Electronic Communications, along with other senior officials.

According to a government press release, when a vulnerability or an attack campaign that is particularly critical for small and medium companies is detected, a brief and understandable notice for business leaders is published by the national victim assistance system and the National Agency for the Security of Information Systems (ANSSI). It is then transmitted to bodies including interprofessional organizations, the consular networks of the Chambers of Commerce and Industry (CCI) and the Chambers of Trades and Crafts (CMA), before being relayed as widely as possible to business leaders. The French government believes the speed of information and the ability to take immediate action will allow companies to better protect themselves and therefore limit the impact of cyberattacks on the French economic fabric.

UK Ministry of Defence completes maiden bug bounty program

In August, the UK Ministry of Defence (MoD) announced the completion of its first bug bounty program. In association with HackerOne, it invited ethical hackers to take part in a 30-day challenge to investigate and identify vulnerabilities in its digital assets that required fixing, granting them direct access to its internal systems. The program aimed to help the MoD better secure and defend its cyber systems and 750,000 devices, following the UK government’s new cyber strategy (released in March) to enhance the country’s cyber strength in an increasingly digital world.

Speaking at the closing of the program, MoD CISO Christine Maxwell said the MoD had embraced a strategy of security by design with transparency being integral for identifying areas for improvement in the development process. “It is important for us to continue to push the boundaries with our digital and cyber development to attract personnel with skills, energy, and commitment,” she added. “Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets. Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience.”

In the same month, the MoD also issued a call to startups to design a new generation of secure hardware and software to help the military reduce its cyberattack surface, offering to fund proposals up to £300,000 for a nine-month contract.

Italian government opens national cybersecurity agency

In August, the Italian parliament approved government plans to establish a new cybersecurity agency to combat cyberattacks targeting the nation, part of a wider strategy to create a secure, unified cloud infrastructure for the country. First announced in June, the Agenzia per la Cybersicurezza Nazionale (ACN) will consist of 300 staff initially and aims to reach 1,000 employees by 2027. It will be headed by Roberto Baldoni, deputy director general of the Department of Information for Security (DIS). Its various aims include exercising the functions of national authority in the field of cybersecurity, developing national prevention, monitoring, detection, and mitigation capabilities to cope with cybersecurity incidents and cyberattacks, and contributing to raising the security of information and communications technology systems.

Adam Bangle, vice president EMEA at BlackBerry, says the success of the Italian government’s new national cybersecurity ambitions will depend on it achieving key goals. “First comes safety standardization. Establishing security standards and safe software development principles, exercising zero trust across entire systems, and ensuring that every security protocol is implemented and enforced to avoid any blind spots in perimeter defenses, should be an integral part of any national cyber strategy. Secondly, and most crucially, they must take a proactive, prevention-based security posture to cybersecurity.”

UK government kicks off Cyber Runway business growth program

In August, the UK government unveiled the Cyber Runway project aimed at sparking growth in the UK’s cybersecurity sector. In the expressions of interest phase at the time of writing, Cyber Runway will see entrepreneurs and businesses across the UK get access to business masterclasses, mentoring, product development support, networking events, and backing to trade internationally and secure investment so they can turn their ideas into commercial successes.

Minister for digital infrastructure Matt Warman says the project will tackle barriers to growth, increase investment, and give firms vital support to take their businesses to the next level. “The program will also support founders and innovators from a diverse range of backgrounds—targeting applicants from underrepresented groups in the UK’s cyber sector such as women and people from black, Asian and minority ethnic backgrounds.”

Cyber Runway aims to support 160 companies over the course of six months and is funded by the Department for Digital, Culture, Media and Sport (DCMS) with support from CyLon, Deloitte and the Centre for Secure Information Technologies (CSIT). “The UK’s cybersecurity ecosystem is at a critical and exciting point in its development, with both new challenges and new opportunities having arisen out of the pandemic,” adds Nick Morris, CEO at CyLon. “Cyber Runway will support UK innovators to develop the crucial security technologies that will safeguard the future of our digital economy.”

Copyright © 2021 IDG Communications, Inc.
