The United States sets new cybersecurity goals

The United States is trying to make it easier for companies and organizations to beef up their cybersecurity in the face of growing attacks aimed at crippling their operations, stealing their data or demanding ransom payments.

Officials from the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) unveiled their new Cybersecurity Performance Goals on Thursday, describing them as a critical but volunteer resource that will help companies and organizations to make better decisions.

“Really, what these cybersecurity performance goals present is a menu of options to improve it,” Homeland Security Secretary Alejandro Mayorkas told reporters, describing the launch as a “watershed moment” for cybersecurity.

“They are accessible, easy to understand and are identified according to the cost that each one would imply, the complexity to implement the goal, as well as the magnitude of the impact that the implementation of the goal would have,” he added.

For months, US officials have been warning of an increasingly complex and dangerous threat environment in cyberspace, fueling the government’s “Shields Up” awareness campaign, promoted in part byrussian invasion of ukraine at the beginning of this year.

They also drew attention to cyberattacks from Iran and North Korea, while warning that nations and non-state actors alike have been increasingly scanning and targeting critical US infrastructure, from water and power companies to airports, which were hit by a series of denial-of-service attacks in early October.

Private cybersecurity companies have also warned of a growing number of attacks against health care companies and educational and research organizations.

While some larger American companies and organizations have been able to commit time, money and other resources to confront the growing dangers, White House officials are concerned that others have not.

In particular, CISA has been concerned about small and medium-sized businesses, along with hospitals and school systems, often described by officials as goal-rich but resource-poor, because they don’t have the money or funds to defend the systems. and data from hackers.

Officials said the new guidelines, which focus on key areas such as account security, training, incident reporting, and response and recovery, and come with checklists, are designed to ease the burden. Officials also noted that they anticipate targets will change and evolve along with the threat.

The newly revealed targets “were developed to truly represent a minimum foundation of cybersecurity measures that, if implemented, will reduce not only risk to critical infrastructure but also to national security, economic security, and public health and safety.” said Jen Easterly, director of CISA, calling them a “quick start guide.”

“It’s really a place to start driving priority investment towards the most critical practices,” he said.

According to CISA, many of the new targets are already resonating, including with state and local officials who organize US elections.

“We have been working with them to implement several of these best practices, as well as making sure they have the tools, resources and capabilities to ensure the security and resiliency of election infrastructure,” Easterly told reporters Thursday. “I have met with election officials even in the last few days and they all expressed particular confidence in the cyber security on all of their systems.”

CISA also reported Thursday that US states and territories that need the most help will be able to take advantage of $1 billion in grants that will be available over the next four years.

The grants, specifically designed to help protect America’s critical infrastructure, were first announced last month.

Connect with the Voice of America! Subscribe to our channel Youtube and turn on notifications, or follow us on social media: Facebook, Twitter and Instagram.