Mobilizing on National Cyber Defense Priorities
Do not underestimate the role every business, no matter how small, has to play in the United States' cyber defenses. Furthermore, we often overlook that individual elements of the nation's critical infrastructure may operate in decentralized units as small as one or two people. These small, and often under-resourced, elements present vulnerable targets to US adversaries. For this reason, small business and critical infrastructure leaders are pivotal in achieving the priorities set forth by the Cybersecurity and Infrastructure Security Agency (CISA) and the Joint Cyber Defense Collaborative (JCDC) for 2024. As these entities emphasize the importance of unified efforts across public and private sectors to achieve significant cybersecurity outcomes, the involvement of these leaders is indispensable. The JCDC's focus on defending against Advanced Persistent Threat (APT) operations, raising the cybersecurity baseline, and anticipating emerging technology and risks presents a comprehensive framework within which small businesses and critical infrastructure leaders can contribute significantly.
Defending Against APT Operations
Small businesses and critical infrastructure entities are often the targets of APT operations due to their vital role in the national economy and their perceived vulnerabilities. Leaders in these sectors must prioritize the identification and fortification of their cyber defenses against such threats, especially those posed by actors affiliated with adversarial nations. There is a wealth of open-source information through which these leaders can gain insights into strategic and operational efforts to counter APT attacks, thereby safeguarding their assets and the nation's critical functions. Collaboration with entities like CISA can also facilitate access to resources and intelligence that enhance their preparedness for major cyber incidents.
Raising the Cybersecurity Baseline
The JCDC's emphasis on elevating the cybersecurity baseline underscores the necessity for small businesses and critical infrastructure leaders to invest in basic cybersecurity practices. This involves not only the adoption of secure technologies but also the cultivation of a cybersecurity-aware culture within their organizations. Furthermore, raising the cybersecurity baseline encapsulates the idea that cybersecurity is a basic building block for any modern business or government organization. The new paradigm emphasizes securing what is built at every step of the way, rather than securing it after the fact. Security at each step is further emphasized with CISA's Secure by Design initiative, positing that technology manufacturers must take increased responsibility in developing cyber-secure products, versus passing that responsibility onto the end consumer.
Anticipating Emerging Technology and Risks
Innovation is a double-edged sword that, while driving efficiency and competitiveness, also introduces new cybersecurity risks. Small business and critical infrastructure leaders have a critical role in ensuring that the adoption of emerging technologies, such as Artificial Intelligence (AI), is accompanied by adequate risk assessments and mitigation strategies. Risk assessments conducted throughout, with an eye toward cybersecurity, will outperform attempts at mitigating risk after the fact. By collaborating with cybersecurity experts or service providers, these leaders can contribute to and benefit from collective efforts to understand and decrease the vulnerabilities associated with new technologies. This proactive approach not only protects their own enterprises but also contributes to the national security posture.
Tangible Steps
Leaders of small businesses and critical infrastructure entities can take several proactive steps to secure themselves. Here are actionable measures they can implement:
Cybersecurity Awareness and Training:
Implement Strong Cyber Hygiene Practices:
Conduct Regular Security Assessments:
Develop and Maintain an Incident Response Plan:
Recommended by LinkedIn
Share and Collaborate on Threat Intelligence:
Secure Critical Assets and Networks:
Leverage Advanced Security Technologies:
Legal and Regulatory Compliance:
Foster a Culture of Security:
Conclusion
The JCDC's 2024 Priorities present a strategic framework for enhancing the nation's cybersecurity resilience, with small business and critical infrastructure leaders at the forefront. Their participation in community-wide initiatives facilitates the sharing of insights, expertise, and resources, fostering a collaborative environment that strengthens the collective cybersecurity posture. By narrowing the focus to the three key priorities—defending against APT operations, raising the cybersecurity baseline, and anticipating emerging technology and risks—these leaders can ensure their entities are not only secure but also significant contributors to both the national and global cybersecurity ecosystems.
Sources