Armis Acquires Silk Security

Learn More
Nov 21, 2023

Federal Spotlight: Priorities for the Year Ahead

brand color blocks purple thumbnail
This blog is part of the 2024 Cyber Predictions blog series where Armis Experts share their thoughts on trends and technologies shaping the future of cybersecurity.
Check out all our 2024 predictive blogs →

 

As we rapidly approach the end of 2023, we are just as quickly approaching not only the start of a new year, but another election year in the United States. Around the world, elections bring both excitement and uncertainty. And while no one has a crystal ball, history and evolving trends can help us anticipate what the future may hold. The same is true when it comes to the cybersecurity industry.

These are my top five cybersecurity predictions for the year ahead given the emerging trends we’re seeing today.

1. The U.S. federal government will prioritize increased operational intelligence and cybersecurity in an effort to restore trust in the election process.

Cybersecurity concerns undermine trust in elections. For a country built on democracy, distrust in the electoral process can ripple negatively across society. During the upcoming election, conversations around cybersecurity will be front and center – in fact, they already are. In an effort to restore trust in the election process, the U.S. federal government and its agencies will prioritize increased operational intelligence. Specifically, asset intelligence cybersecurity so agencies can communicate with the confidence they get from knowing what physical and virtual assets are on their network and that their attack surface has not been compromised.

2. Artificial Intelligence (AI) will be abused in an effort to meddle with the U.S. electoral process.

AI is a powerful tool with many great, positive use cases, but the technology can also be a double-edged sword. Cybercriminals are using AI to develop new and sophisticated attacks on election infrastructure, so it’s critical that agencies prioritize how they can protect the entire attack surface and manage cyber risk-exposure in real time. Additionally, bad actors are likely to leverage the technology in a variety of other malicious ways, including through the use of deepfake voice and video content, in an attempt to influence voters, spread misinformation and sow further distrust in a system built for the people. It’s critical that government agencies be aware of these threats and take steps to proactively mitigate this risk.

3. Escalating cyber attacks from nation-state threat actors in 2024 will ring alarm bells for critical infrastructure entities.

There have been clear demonstrations that prove the capabilities of malicious cyberattackers and nation-state actors to affect critical infrastructure, as well as the impact of successful breaches on society. The availability of AI heightens these threats, as the frequency and sophistication behind these attacks accelerates. The question is not if a major attack is coming, but when. The timeliness of the U.S. election could be an impetus to cause mass disruption.

Critical infrastructure is extremely vulnerable to these attacks, given the essential services society relies upon. Even the Department of Defense – with one of the most secure networks in the world – relies on electricity. Global organizations and governments must take these threats seriously and act now to shore up their defenses.

4. Securing the evolving supply chain by consolidating related cybersecurity programs will be a key area of focus for federal IT and security pros in 2024.

The U.S. government can have the most secure network possible, but if the integrators and hardware providers that they are using are not fully secure, then the federal government is not secure. This has been further complicated by the explosion of physical and virtual assets connected to agency and business networks and a migration to 5G. The U.S. government has been taking positive steps here for several years to address third-party supply chain security concerns with The Cybersecurity Maturity Model Certification (CMMC) program, More Situational Awareness for Industrial Control Systems (MOSAICS), software bill of materials (SBOM) and more.

What we’ll see in the year ahead is that these initiatives will come together instead of being separate. The investment that’s being allocated to fund these initiatives in silos will converge, accelerating efforts to shore up defenses around the supply chain. With this, contractors will be held to a higher standard and will be asked to prove that they are secure. To do this, contractors should prioritize asset intelligence cybersecurity to point to as a source of truth.

5. The U.S. federal government will serve as a model to the cybersecurity industry overall when it comes to how to fully adopt Zero Trust.

If there is one thing the entire federal government agrees on, it’s that Zero Trust is the best

approach for stronger cybersecurity. For federal agencies, Zero Trust is highly regulated and requires a rigorous implementation of principles.

Zero Trust requires accountability – every asset on the network must be clearly assigned to an owner. The need to include every asset in a Zero Trust approach is made clear in language from NIST Special Publication 800-207, a foundational document meant to provide an implementation roadmap for Zero Trust security concepts. It states the following:

“A ZT approach is primarily focused on data and service protection but can and should be expanded to include all enterprise assets (devices, infrastructure components, applications, virtual and cloud components) and subjects (end users, applications and other non-human entities that request information from resources).”

Next year, there will be a realization that security and IT pros from federal agencies are leading the charge here, embracing and adopting Zero Trust more fully than the rest of the cybersecurity industry.

In summary, while I hope that some of the more positive predictions I’ve outlined above come true, I’d certainly be happy to be proven wrong on the others. Without a crystal ball to help us make any predictions with 100% accuracy, it’s probably smart to hope for the best, prepare for the worst, and proactively take steps toward being prepared for any potential outcomes.

Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society safe and secure 24/7. Learn more here: https://www.armis.com/cybersecurity/federal-government/

2024 Cyber Predictions

Get Updates

Sign up to receive the latest from Armis.