By Michael Hill
UK Editor, CSO
Cybersecurity continues to be high on the agenda of governments across the globe, with authorities at both national and local levels increasingly working to counter cybersecurity threats. Much like last year, 2022 has seen significant government-led initiatives launched to help address diverse security issues.
Here are 22 notable cybersecurity initiatives introduced around the world in 2022.
The Israeli government announced that it will join the Inter-American Development Bank (IDB) to establish a new cybersecurity initiative, committing $2 million USD to help strengthen cybersecurity capabilities in Latin America and the Caribbean (LAC). Israel’s funding would aid in building cyber capacity across the region by giving officials and policymakers access to forefront practices and world-leading knowledge and expertise, the government stated. “The cybersecurity initiative is paving the way for the safe and secure digitalization of Latin America and the Caribbean, one of the key elements for growth in the post-COVID era,” said Matan Lev-Ari, Israel’s representative on the IDB’s Board.
Singapore’s Cyber Security Agency (CSA) launched a new certification program to recognize enterprises that have adopted and implemented good cybersecurity practices. The certification comprises two cybersecurity marks: Cyber Essentials, which recognizes small and medium enterprises that have put in place cyber hygiene measures, and Cyber Trust, a mark of distinction to recognize larger or more digitalized enterprises with comprehensive measures and practices.
To support enterprises in their journeys to attaining certification, the CSA also developed a toolkit for IT teams and curated an initial ecosystem of partners with product and service offerings that can help enterprises address requirements of the marks. “Supply chain cyberattacks will continue to proliferate in the digital space, and in time to come, companies could be required to demonstrate their cybersecurity posture when they conduct business as a way of providing greater assurance to their customers,” said David Koh, chief executive of CSA.
Singapore’s CSA set out a licensing framework for cybersecurity service providers and established the Cybersecurity Services Regulation Office (CSRO) to administer it and facilitate liaisons with the industry and wider public on all licensing-related matters. The framework aims to better safeguard consumers’ interests and addresses the information asymmetry between consumers and cybersecurity service providers, along with improving service provider standards and standing over time, Singapore’s CSA stated.
It added that two types of cybersecurity service providers would be licensed – those providing penetration testing and managed security operations center monitoring services. “These two services are prioritized because service providers performing such services can have significant access into their clients’ computer systems and sensitive information,” the CSA wrote. “In the event that the access is abused, the client’s operations could be disrupted. In addition, these services are already widely available and adopted in the market, and hence have the potential to cause significant impact on the overall cybersecurity landscape.”
The Australian federal government’s Australian Signals Directorate (ASD) announced the launch of the Resilience – Effects – Defence – SPace – Intelligence – Cyber – Enablers (REDSPICE) initiative to enhance the cyber resiliency and defense of national systems and critical infrastructure, with $9.9 billion (AUD) to be invested in bolstering Australia’s national cybersecurity capabilities over the next decade. Through REDSPICE, ASD said it will expand the range and sophistication of its intelligence, offensive, and defensive cyber capabilities. “REDSPICE is the necessary and timely change needed for ASD to continue its contribution to making Australia secure, in both peacetime and conflict,” wrote Rachel Noble, director general of ASD.
The UK government outlined plans for a new cybersecurity strategy to protect the nation’s nuclear sector. Its aim is to build a comprehensive understanding of current sector cybersecurity strengths and challenges with key objectives to be achieved by 2026, as part of its wider National Cyber Strategy 2022. In the 2022 Civil Nuclear Cyber Security Strategy, the UK government outlined the goal of creating a civil nuclear sector which effectively manages and mitigates cyber risk in a collaborative and mature manner, with resilience in responding to and recovering from incidents. The new plans seek to build on existing understanding surrounding nuclear cybersecurity and introduce four key objectives which the sector should achieve within the next four years:
These objectives will be delivered via several priority and supporting activities and overseen by a programmatic approach to delivery. These include Cyber Adversary Simulation (CyAS) assessments and other threat-informed testing activities across the sector’s critical IT and OT systems, baseline cybersecurity standards for the civil nuclear supply chain, and collaboration across the sector on third-party and component assurance and management.
The Victoria state government in Australia announced that it was investing $100,000 AUD in an initiative to train women with one year of experience in the IT sector or three years in cyber to either begin a career or prepare for leadership roles in cybersecurity. The initiative was launched in partnership with the Australian Women in Security Network (AWSN). The state government labelled the scheme as a program designed to improve female representation in the workforce, as the Australian Bureau of Statistics found women make up just 31% of local digital technology workers. The program, which began in July, includes specialist training, coaching and mentoring services, as well as attendance at workshops and networking events.
The UK government opened applications for membership of the Government Cyber Security Advisory Board (GCSAB). The aim of the GCSAB is to build on the success of the External Challenge Panel that brought industry and academic perspectives to support the development of the government’s wider Cyber Security Strategy, which was launched in January 2022 to help build a cyber-resilient public sector. The government stated that the GCSAB will be comprised of independent, external experts to build better links between government, the private sector, and academia, providing perspectives and input on addressing the challenges of government cybersecurity, as per a posting on its website. It invited candidates with cybersecurity expertise or competence or knowledge in the areas of strategy, standards, and assurance; governance, risk, and management program delivery; cyber detection and response technology; and cyber skills and culture to submit Expressions of Interest (EoI) for membership of the GCSAB, which will meet virtually every two months.
The US government introduced a proposed five-step 5G Security Evaluation Process Investigation to address gaps in existing security assessment guidance and standards that arise from new features and services in 5G technologies. “The intent of this joint security evaluation process is to provide a uniform and flexible approach that federal agencies can use to evaluate, understand, and address security and resilience assessment gaps with their technology assessment standards and policies,” said Eric Goldstein, executive assistant director for the Cybersecurity and Infrastructure Security Agency (CISA). “Such a process will provide assurance that the government enterprise system is protected and cybercriminals cannot gain backdoor entry into agency networks through 5G technology.” Specifically, the agencies involved seek to get ahead of the curve before any federal office conducts a security assessment to obtain authorization to operate (ATO). The five steps put forward were:
The UK government called for input from the technology sector on enhancing security and privacy requirements for app stores and app development. The consultation period came in the wake of a new report from the UK’s National Cyber Security Centre (NCSC) that revealed that apps containing malware or those that have been poorly developed are putting users at significant risk. The UK government said it therefore aims to establish a new code of practice which will set out baseline security and privacy requirements for apps. Under new proposals, app stores for smartphones, game consoles, TVs, and other smart devices could be asked to commit to a new code of practice to boost app security and privacy standards, which would be the first such measure in the world, stated a press release on the UK government’s website. “The proposed code would require stores to have a vulnerability reporting process for each app so flaws can be found and fixed quicker. They would need to share more security and privacy information in an accessible way including why an app needs access to users’ contacts and location,” it added.
The Israel National Cyber Directorate (INCD) outlined its new national cybersecurity project The Cyber-Dome – a big data and AI overall approach to proactive defense. Announced by Gaby Portnoy, director general of INCD, the project aims to diminish cyberattacks in the country by elevating national cybersecurity through new mechanisms in the national cyber perimeter. “The Cyber-Dome will also provide tools and services to elevate the protection of the national assets as a whole. It will synchronize nation-level real-time detection, analysis, and mitigation of threats,” Portnoy stated. “We need to protect our national assets in the best possible way and make cybersecurity protocols we use for critical infrastructure available for more sectorial organizations – government and private.”
The Canadian government introduced proposed legislation to better protect Canadians and bolster cybersecurity across the financial, telecommunications, energy, and transportation sectors. Bill C-26, An Act Respecting Cyber Security (ARCS), sought to replace the Telecommunications Act to add security as a policy objective, bringing telecommunications in line with other critical sectors. “This will provide the government with the legal authority to mandate any necessary action to secure Canada’s telecommunications system. This includes prohibiting Canadian companies from using products and services from high-risk suppliers,” the government wrote. Furthermore, this legislation introduced the Critical Cyber Systems Protection Act (CCSPA) which lays a foundation for securing Canada’s critical infrastructure. “These legislative measures will help to further protect Canadians and defend our critical infrastructure in an evolving and increasingly complex digital environment,” commented Anita Anand, minister of national defense.
The German government announced plans to increase the nation’s cyber defenses in response to possible new threats from Russia amid its invasion of Ukraine. New measures put forward by Interior Minister Nancy Faeser involve promoting cyber resilience among small and medium enterprises and businesses that provide critical services such as transport, food, health, energy, and water supply, along with the introduction of a secure central video conferencing system for the federal government. A centralized platform for the exchange of information on cyberattacks between state and federal structures was also outlined, as were plans to modernize IT infrastructure of Germany’s domestic intelligence agency and police. Commenting, Faeser said, “The sea change we are facing in view of the Russian war of aggression against Ukraine requires a strategic repositioning and significant investment in our cybersecurity.”
Copyright © 2022 IDG Communications, Inc.
22 notable government cybersecurity initiatives in 2022 – CSO Online