Biden Administration Announces National Cybersecurity Strategy
On March 02, 2023, the Biden-Harris Administration unveiled the National Cybersecurity Plan to ensure that all Americans can enjoy the advantages of a secure digital environment. In this pivotal decade, the United States will reimagine cyberspace as a tool to achieve our goals in a way that is consistent with our values. These values include a commitment to economic security and prosperity, respect for human rights and fundamental freedoms, faith in our democracy and its institutions, and a commitment to creating a fair and diverse society. This goal cannot be achieved without a dramatic reorganisation of the United States’ cyberspace responsibilities, roles, and resources.
VISION- AIM
A more planned, organised, and well-resourced strategy to cyber protection is necessary for today’s rapidly developing world. State and non-state actors alike are launching creative new initiatives to challenge the United States. New avenues for innovation are opening up as next-generation technologies attain maturity and digital interdependencies are expanding. Thus, this Plan lays forth a plan to counter these dangers and protect the digital future. Putting it into effect can safeguard spending on things like infrastructure, clean energy, and the re-shoring of American industry.
The USA will create its digital environment by:
- Defensible if the cyber defence is comparatively easier, more effective, cheaper
- Resilient, where the impacts of cyberattacks and operator mistakes are lasting and little widespread.
- Values-aligned, where our most cherished values shape—and are in turn reinforced by— our digital world.
Already, the National Security Strategy, Executive Order 14028 (Improving the Nation’s Cybersecurity), National Security Memorandum 5 (Improving Cybersecurity for Critical Infrastructure Control Systems), M-22-09 (Moving the U.S. Government Toward Zero-Trust Cybersecurity Principles), and National Security Memorandum 10 (Improving Cybersecurity for Federal Information Systems) have all been issued to help secure cyberspace and our digital ecosystem (Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems). The Strategy builds upon previous efforts by acknowledging that the Internet serves not as an end in itself but as a means to a goal—the achievement of our highest ideals.
There are five key points that constitute the National Cybersecurity Strategy:
1. Defend Critical Infrastructure –
Defend critical infrastructure by, among other things: i) enacting cybersecurity regulations to secure essential infrastructure; (ii) boosting public-private sector collaboration; (iii) integrating federal cybersecurity centres; (iv) updating federal incident response plans and processes; and (v) modernising federal systems in accordance with zero trust principles.
2. Disrupt and Dismantle Threat Actors
Disrupt and dismantle threat actors, including by i) integrating military, diplomatic, information, financial, intelligence, and law enforcement competence, (ii) strengthening public-private sector collaborations, (iii) increasing the speed and scale of intelligence sharing and victim information, (iv) preventing the abuse of U.S.-based infrastructure, and (v) increasing disruption campaigns and other endeavours against ransomware operators;
3. Shape Market Forces to Drive Security and Resilience
The federal government can help shape market forces that drive security and resilience by doing the following: i) supporting legislative efforts to limit organisations’ ability to collect, use, transfer, and maintain personal information and providing strong protections for sensitive data (such as geolocation and health data), (ii) boosting IoT device security via federal research, development, sourcing, risk management efforts, and IoT security labelling programs, and (iii) instituting legislation establishing standards for the security of IoT devices. (iv) strengthening cybersecurity contract standards with government suppliers, (v) studying a federal cyber insurance framework, and (vi) using federal grants and other incentives to invest in efforts to secure critical infrastructure.
4. Invest in a Resilient Future
Invest in a resilient future by doing things like i) securing the Internet’s underlying infrastructure, (ii) funding federal cybersecurity R&D in areas like artificial intelligence, cloud computing, telecommunications, and data analytics used in critical infrastructure, (iii) migrating vulnerable public networks and systems to quantum-resistant cryptography-based environments, and (iv) investing hardware and software systems that strengthen the resiliency, safety, and security of these areas, (v) enhancing and expanding the nation’s cyber workforce; and (vi) investing in verifiable, strong digital identity solutions that promote security, interoperability, and accessibility.
5. Forge International Partnerships to Pursue Shared Goals
The United States should work with other countries to advance common interests, such as i) forming international coalitions to counter threats to the digital ecosystem; (ii) increasing the scope of U.S. assistance to allies and partners in strengthening cybersecurity; (iii) forming international coalitions to reinforce global norms of responsible state behaviour; and (v) securing global supply chains for information, communications, and operational technologies.
Conclusion:
The Strategy results from months of work by the Office of the National Cyber Director (“ONCD”), the primary cybersecurity policy and strategy advisor to President Biden and coordinates cybersecurity engagement with business and international partners. The National Security Council will oversee the Strategy’s implementation through ONCD and the Office of Management and Budget.
In conclusion, we can say that the National Cybersecurity Plan of the Biden administration lays out an ambitious goal for American cybersecurity that is to be accomplished by the end of the decade. The administration aims to shift tasks and responsibilities to those organisations in the best position to safeguard systems and software and to encourage incentives for long-term investment in cybersecurity to build a more cyber-secure future.
It is impossible to assess the cyber strategy in a vacuum. It’s critical to consider the previous efforts and acknowledge the ones that still need to be made. The implementation specifics for several aspects of the approach are left up to a yet-to-be-written plan.
Given these difficulties, it would be simple to voice some pessimism at this stage regarding the next effort that will be required. Yet, the Biden administration has established a vision for cybersecurity oriented towards the future, with novel projects that could fundamentally alter how the United States handles and maintains cybersecurity. The Biden administration raised the bar for cybersecurity by outlining this robust plan, which will be challenging for succeeding administrations to let go. Also, it has alerted Congress to areas where it will need to act.
References:
- https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/
- https://www.huntonprivacyblog.com/2023/03/02/white-house-releases-national-cybersecurity-strategy/
- https://www.lawfareblog.com/biden-harris-administration-releases-new-national-cybersecurity-strategy
Related Blogs
Introduction
Robotic or Robo dogs are created to resemble dogs in conduct and appearance, usually comprising canine features including barking and wagging tails. Some examples include Rhex (hexapod robot), Littledog and BigDog (created by Boston Dynamics robot). Robodogs, on the whole, can even respond to commands and look at a person with large LED-lit puppy eyes.
A four-legged robotic solution was recently concluded through its foremost successful radiation protection test inside the most extensive experimental area at the European Organization for Nuclear Research known as CERN. Each robot created at CERN is carefully crafted to fulfil exceptional challenges and complement each other. Unlike the previous wheeled, tracked or monorail robots, the robodogs will be capable of penetrating unexplored dimensions of the caverns, expanding the spectrum of surroundings that CERN robots can act as a guide. Also, Incorporating the robodog with the existing monorail robots in the Large Hadron Collider (LHC) tunnel will expand the range of places available for monitoring and supervision, improving the security and efficiency of the operation of CERN. Lenovo too has designed a six-legged robot called the "Daystar Bot GS" to be launched this year, which promises "comprehensive data collection."
Use of Robodogs in diverse domains
Due to the enhancement of Artificial Intelligence (AI), robodogs can be a boon for those with exceptional requirements. The advantage of AI is the dependability of its features, which can be programmed to answer certain commands detailed to the user.
In the context of health and well-being, they can be useful if they are programmed to take care of a person with distinct or special requirements (elderly person or visually impaired person). For this reason, they are considered more advantageous than the real dogs. Recently, New Stanford has designed robodogs that can perform several physical activities, including dancing and may also one day assist in putting pediatric patients in comfort during their hospital stays. Similarly, the robodog, "Pupper", is a revamped version of another robotic dog designed at Stanford called "Doggo", an open-source bot with 3D printed elements that one could create on a fairly small budget. They were also created to interact with humans. Furthermore, Robots as friends are a more comfortable hop for the Japanese. The oldest and most successful social robot in Japan is called "Paro", resembling an ordinary plush toy that can help in treating depression, stress, anxiety and also mood swings in a person. Following 1998, several Paro robots were exported overseas and put into service globally, reducing stress among children in ICUs, treating American veterans suffering from Post Traumatic Stress Disorder (PTSD), and assisting dementia patients.
Post-pandemic, the Japanese experiencing loneliness and isolation have been clinging to social robots for mind healing and comfort. Likewise, at a cafe in Japan, proud owners of the AI-driven robot dog "Aibo" have pawed its course into the minds and hearts of the people. Presently, robots are replacing the conventional class guinea pig or bunny at Moriyama Kindergarten in the central Japanese city of Nagoya. According to the teachers here, the bots apparently reduce stress and teach kids to be more humane.
In the security and defence domain, the unique skills of robodogs allow them to be used in hazardous and challenging circumstances. They can even navigate through rugged topography with reassurance to save stranded individuals from natural catastrophes. They could correspondingly help with search and rescue procedures, surveillance, and other circumstances that could be dangerous for humans. Researchers or experts are still fine-tuning the algorithm to develop them by devising the technology and employing affordable off-shelf robots that are already functional. Robodogs are further used for providing surveillance in hostage crises, defusing bombs, besides killing people to stop them from attacking other individuals. Similarly, a breakthrough in AI is being tested by the Australian military that reportedly allows soldiers to control robodogs solely with their minds. Cities like Florida and St. Petersburg also seem bound to keep police robodogs. The U.S. Department of Homeland Security is further seeking plans to deploy robot dogs at the borderlands. Also, the New York City Police Department (NYPD) intends to once again deploy four-legged 'Robodogs' to deal with high-risk circumstances like hostage negotiations. The NYPD has previously employed alike robodogs for high-octane duties in examining unsafe environments where human officers should not be exposed. The U.S. Marine Corps is additionally experimenting with a new breed of robotic canine that can be helpful in the battleground, enhance the safety and mobility of soldiers, and aid in other tasks. The Unitree Go1 robot dog (Nicknamed GOAT-Grounded Open-Air Transport) by the Marines is a four-legged machine that has a built-in AI system, which can be equipped to carry an infantry anti-armour rocket launcher on its back. The GOAT robot dog is designed to help the Marines move hefty loads, analyse topography, and deliver fire support in distant and dangerous places.
However, on the contrary, robodogs may pose ethical and moral predicaments regarding who is accountable for their actions and how to ensure their adherence to the laws of warfare. This may further increase security and privacy situations on how to safeguard the data of the robotic dogs and contain hacking or sabotage.
Conclusion
Teaching robots to traverse the world conventionally has been an extravagant challenge. Though the world has been seeing an increase in their manufacturing, it is simply a machine and can never replace the feeling of owning a real dog. Designers state that intelligent social robots will never replace humans, though robots provide the assurance of social harmony without social contact. Also, they may not be capable of managing complicated or unforeseen circumstances that need instinct or human decision-making. Nevertheless, owning robodogs in the coming decades is expected to become even more common and cost-effective as they evolve or advance with new algorithms being tested and implemented.
References:
- https://home.cern/news/news/engineering/introducing-cerns-robodog
- https://news.stanford.edu/2023/10/04/ai-approach-yields-athletically-intelligent-robotic-dog/
- https://nypost.com/2023/02/17/combat-ai-robodogs-follow-telepathic-commands-from-soldiers/
- https://www.popsci.com/technology/parkour-algorithm-robodog/
- https://ggba.swiss/en/cern-unveils-its-innovative-robodog-for-radiation-detection/
- https://www.themarshallproject.org/2022/12/10/san-francisco-killer-robots-policing-debate
- https://www.cbsnews.com/news/robo-dogs-therapy-bots-artificial-intelligence/
- https://news.stanford.edu/report/2023/08/01/robo-dogs-unleash-fun-joy-stanford-hospital/
- https://www.pcmag.com/news/lenovo-creates-six-legged-daystar-gs-robot
- https://www.foxnews.com/tech/new-breed-military-ai-robo-dogs-could-marines-secret-weapon
- https://www.wptv.com/news/national/new-york-police-will-use-four-legged-robodogs-again
- https://www.dailystar.co.uk/news/us-news/creepy-robodogs-controlled-soldiers-minds-29638615
- https://www.newarab.com/news/robodogs-part-israels-army-robots-gaza-war
- https://us.aibo.com/
Introduction
Cybersecurity threats have been globally prevalent for quite some time now. All nations, organisations and individuals stand at risk from new and emerging potential cybersecurity threats, putting finances, privacy, data, identities and sometimes human lives at stake. The latest Data Breach Report by IBM revealed that nearly a staggering 83% of organisations experienced more than one data breach instance during 2022. As per the 2022 Data Breach Investigations Report by Verizon, the total number of global ransomware attacks surged by 13%, indicating a concerning rise equal to the last five years combined. The statistics clearly showcase how the future is filled with potential threats as we advance further into the digital age.
Who is Okta?
Okta is a secure identity cloud that links all your apps, logins and devices into a unified digital fabric. Okta has been in existence since 2009 and is based out of San Francisco, USA and has been one of the leading service providers in the States. The advent of the company led to early success based on the high-quality services and products introduced by them in the market. Although Okta is not as well-known as the big techs, it plays a vital role in big organisations' cybersecurity systems. More than 18,000 users of the identity management company's products rely on it to give them a single login for the several platforms that a particular business uses. For instance, Zoom leverages Okta to provide "seamless" access to its Google Workspace, ServiceNow, VMware, and Workday systems with only one login, thus showing how Okta is fundamental in providing services to ease the human effort on various platforms. In the digital age, such organisations are instrumental in leading the pathway to innovation and entrepreneurship.
The Okta Breach
The last Friday, 20 October, Okta reported a hack of its support system, leading to chaos and havoc within the organisation. The result of the hack can be seen in the market in the form of the massive losses incurred by Okta in the stock exchange.
Since the attack, the company's market value has dropped by more than $2 billion. The well-known incident is the most recent in a long line of events connected to Okta or its products, which also includes a wave of casino invasions that caused days-long disruptions to hotel rooms in Las Vegas, casino giants Caesars and MGM were both affected by hacks as reported earlier this year. Both of those attacks, targeting MGM and Caesars’ Okta installations, used a sophisticated social engineering attack that went through IT help desks.
What can be done to prevent this?
Cybersecurity attacks on organisations have become a very common occurrence ever since the pandemic and are rampant all across the globe. Major big techs have been successful in setting up SoPs, safeguards and precautionary measures to protect their companies and their digital assets and interests. However, the Medium, Mico and small business owners are the most vulnerable to such unknown high-intensity attacks. The governments of various nations have established Computer Emergency Response Teams to monitor and investigate such massive-scale cyberattacks both on organisations and individuals. The issue of cybersecurity can be better addressed by inculcating the following aspects into our daily digital routines:
- Team Upskilling: Organisations need to be critical in creating upskilling avenues for employees pertaining to cybersecurity and threats. These campaigns should be run periodically, focusing on both the individual and organisational impact of any threat.
- Reporting Mechanism for Employees and Customers: Business owners and organisations need to deploy robust, sustainable and efficient reporting mechanisms for both employees well as customers. The mechanism will be fundamental in pinpointing the potential grey areas and threats in the cyber security mechanism as well. A dedicated reporting mechanism is now a mandate by a lot of governments around the world as it showcases transparency and natural justice in terms of legal remedies.
- Preventive, Precautionary and Recovery Policies: Organisations need to create and deploy respective preventive, precautionary and recovery policies in regard to different forms of cyber attacks and threats. This will be helpful in a better understanding of threats and faster response in cases of emergencies and attacks. These policies should be updated regularly, keeping in mind the emerging technologies. Efficient deployment of the policies can be done by conducting mock drills and threat assessment activities.
- Global Dialogue Forums: It is pertinent for organisations and the industry to create a community of cyber security enthusiasts from different and diverse backgrounds to address the growing issues of cyberspace; this can be done by conducting and creating global dialogue forums, which will act as the beacon of sharing best practices, advisories, threat assessment reports, potential threats and attacks thus establishing better inter-agency and inter-organisation communication and coordination.
- Data Anonymisation and Encryption: Organisations should have data management/processing policies in place for transparency and should always store data in an encrypted and anonymous manner, thus creating a blanket of safety in case of any data breach.
- Critical infrastructure: The industry leaders should push the limits of innovation by setting up state-of-the-art critical cyber infrastructure to create employment, innovation, and entrepreneurship spirit among the youth, thus creating a whole new generation of cyber-ready professionals and dedicated netizens. Critical infrastructures are essential in creating a safe, secure, resilient and secured digital ecosystem.
- Cysec Audits & Sandboxing: All organisations should establish periodic routines of Cybersecurity audits, both by internal and external entities, to find any issue/grey area in the security systems. This will create a more robust and adaptive cybersecurity mechanism for the organisation and its employees. All tech developing and testing companies need to conduct proper sandboxing exercises for all or any new tech/software creation to identify its shortcomings and flaws.
Conclusion
In view of the rising cybersecurity attacks on organisations, especially small and medium companies, a lot has been done, and a lot more needs to be done to establish an aspect of safety and security for companies, employees and customers. The impact of the Okta breach very clearly show how cyber attacks can cause massive repercussion for any organisation in the form of monetary loss, loss of business, damage to reputation and a lot of other factors. One should take such instances as examples and learnings for ourselves and prepare our organisation to combat similar types of threats, ultimately working towards preventing these types of threats and eradicating the influence of bad actors from our digital ecosystem altogether.
References:
- https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach#:~:text=In%202022%2C%20the%20global%20average,legal%20fees%2C%20and%20audit%20fees.
- https://www.okta.com/intro-to-okta/#:~:text=Okta%20is%20a%20secure%20identity,use%20to%20work%2C%20instantly%20available.
- https://www.cyberpeace.org/resources/blogs/mgm-resorts-shuts-down-it-systems-after-cyberattack
Introduction
The insurance industry is a target for cybercriminals due to the sensitive nature of the information it holds. This makes it essential for insurance companies to have robust cybersecurity measures to protect their data and customers’ personal information.
Cyber fraud in India’s insurance industry is increasing. It is reported that the Indian insurance sector has witnessed a surge in cyber-attacks, with several instances of data breaches, identity thefts, and financial fraud being reported. These cybercrimes not only pose a significant threat to the financial stability of the insurance industry but also to the privacy and security of policyholders.
Cyber Frauds in the Insurance Industry
The insurance industry in India has been the target of increasing cyber fraud in recent years. With the growing digital transformation trend, insurance companies have become increasingly vulnerable to cyber-attacks. Cyber frauds in the insurance industry are initiated by hackers who use various techniques such as phishing, malware, ransomware, and social engineering to gain unauthorised access to policyholders’ personal data and sensitive information
Kinds of cyber frauds in the insurance industry
It is essential for insurers and policyholders alike to be aware of these kinds of cyber-attacks on insurance companies in today’s digital age. Staying educated about these threats can help prevent them from happening in the future.
Identity theft– One common type of cyber fraud that occurs in the insurance industry is identity theft. In this type of fraud, criminals steal personal information such as name, address, date of birth and social security numbers through phishing emails or fraudulent websites. They then use this information to open fraudulent policies or access existing ones.
Payment fraud- Another type of cyber fraud that is on the rise is payment fraud. In this type of fraud, hackers intercept electronic payments made by policyholders or agents using fake bank accounts or compromised payment gateways. The money is then siphoned into untraceable accounts, making it difficult for law enforcement agencies to identify and arrest the perpetrators.
Phishing attacks- Where the fraudsters posed as company officials and sent emails to policyholders requesting their account details. The unsuspecting customers fell for this scam and shared their sensitive information, which was then used to access their accounts and steal funds.
Hacking- Where hackers breach the company’s system to gain access to policyholder data. The hackers’ stoles personal records, including names, addresses, phone numbers, social security numbers, and financial information, which they later sell on the dark web.
Fake policies scam- Fraudsters create fake policies using stolen identities and collect premiums from innocent customers. The insurer then voided these policies due to fraudulent activity leaving those people without valid coverage when they needed it most. The victims suffer significant financial losses due to this scam.
Fake Insurance Websites- Discuss the creation of deceptive websites that imitate well-known insurance companies, where unsuspecting individuals provide their personal details, leading to identity theft or financial losses.
Prevention of Cyber Frauds in the Insurance Industry- Best practices to follow
Prevention is better than cure, which also holds true in the case of cyber fraud in the insurance industry. The industry must take proactive steps to prevent such frauds from occurring in the first place. One of the most effective ways to do so is by investing in cybersecurity measures that are specifically designed for the insurance sector.
Insurance companies must conduct regular employee training programs on cybersecurity best practices. This includes educating employees on how to identify and avoid phishing emails, create strong passwords, and recognise potential cyber threats. Companies should also establish a reporting mechanism for employees to report suspicious activity or incidents immediately.
Having proper access controls in place is also necessary. This means limiting access to sensitive data only to those employees who need it, implementing two-factor authentication, and regularly monitoring user activity logs. Regular audits can also provide an extra layer of protection against potential threats by identifying vulnerabilities that may have been overlooked during routine security checks.
Another essential step is encrypting all data transmitted between different systems and devices. Encryption scrambles data into unreadable codes that can only be deciphered using a decryption key, making it difficult for hackers to intercept or steal information in transit.
Legal Framework for Cyber Frauds in the Insurance Industry
The legal framework for cyber fraud in the insurance industry is critical to preventing such crimes. The Insurance Regulatory and Development Authority of India (IRDAI) has issued guidelines for insurers to establish a cybersecurity framework. The guidelines require insurers to conduct regular risk assessments, implement security measures, and ensure compliance with data privacy laws.
The Information Technology Act 2000, is another significant piece of legislation dealing with cyber fraud in India. The act defines offences such as unauthorised access to a computer system, hacking, and tampering with data. It also provides for stringent penalties and imprisonment for those found guilty of such offences.
The IRDAI’s guidelines provide insurers with a roadmap to establish robust cybersecurity measures to help prevent cyber fraud in the insurance industry. Stringent implementation of these guidelines will go a long way in safeguarding sensitive customer information from falling into the wrong hands.
Best Practices for Insurers and Policyholders
Insurers:
Implementing Strong Authentication: Encouraging the use of multi-factor authentication and secure login processes to safeguard customer accounts and prevent unauthorised access.
Regular Employee Training: Conduct cybersecurity awareness programs to educate employees about the latest threats and preventive measures.
Investing in Advanced Technologies: Utilizing robust cybersecurity tools and systems to promptly detect and mitigate potential cyber threats.
Policyholders:
Vigilance and Awareness: Policyholders must stay vigilant while sharing personal information online and verify the authenticity of insurance websites and communication channels.
Regular Updates and Patches: Advising individuals to keep their devices and software up to date to minimise vulnerabilities that cybercriminals can exploit.
Secure Online Practices: Encouraging the use of strong and unique passwords, avoiding sharing sensitive information on unsecured networks, and exercising caution when clicking on suspicious links or attachments.
Conclusion
As the Indian insurance industry embraces digitisation, the risk of cyber scams and data breaches becomes a significant concern. Insurers and policyholders must collaborate to ensure robust cybersecurity measures are in place to protect sensitive information and financial interests.
It is essential for insurance companies to invest in robust cybersecurity measures that can detect and prevent fraud attempts. Additionally, educating employees on the dangers of cyber fraud and implementing strict compliance measures can go a long way in mitigating risks. With these efforts, the insurance industry can continue to provide trustworthy and reliable services to its customers while protecting against cyber threats. As technology continues to evolve, it is imperative that the insurance industry adapts accordingly and remains vigilant against emerging threats.
