
NSA Introduces New Supply Chain Risk Management Strategies

Nov. 1, 2023
The National Security Agency introduces new guidance around validating the integrity of devices and ensuring that those electronics meet both procurement and security requirements.


Cyberattacks on governments and agencies are on the rise as the “bad actors” find new ways to infiltrate systems, steal data and exploit the keepers of that data. In the month of September alone, Indian hacktivists targeted Canada’s military and parliament websites with DDoS attacks; Iranian hackers launched a cyberattack against Israel’s railroad network; a cyberattack hit Bermuda’s Department of Planning and other government services; and a ransomware attack wiped out four months of Sri Lankan government data, according to the Center for Strategic & International Studies (CSIS).

One month earlier, Chinese hackers targeted a U.S. military procurement system for reconnaissance; named hackers took X offline in several countries and demanded that owner Elon Musk open Starlink in Sudan; and cybercriminals began selling data stolen from China’s Ministry of State Security.

The attacks hit closer to home in June, when several U.S. federal government agencies were hit in a global cyberattack focused on MOVEit, a software application that agencies use to transfer data. According to CNN, the Department of Energy was one of the federal agencies breached in this ongoing hacking campaign.

“The news adds to a growing tally of victims of a sprawling hacking campaign that began two weeks ago and has hit major US universities and state governments,” CNN reported at the time. “The hacking spree mounts pressure on federal officials who have pledged to put a dent in the scourge of ransomware attacks that have hobbled schools, hospitals and local governments across the US.”

How the Government is Responding

In July, the White House released an implementation plan for cybersecurity strategy. The federal plan focused on Uncle Sam’s collaboration with the private sector and others to implement the National Cybersecurity Strategy (which was first introduced in 2022). The plan calls for two fundamental shifts in how the United States allocates roles, responsibilities and resources in cyberspace:

  1. Ensuring that the biggest, most capable, and best-positioned entities—in the public and private sectors—assume a greater share of the burden for mitigating cyber risk.
  2. Increasing incentives to favor long-term investments in cybersecurity.

Last month, the National Security Agency (NSA) introduced its own plan for thwarting cybercriminals, with a focus on mitigating supply chain risk.

In its new Cybersecurity Information Sheet (CSI), the agency encourages all U.S. Government departments and agencies operating National Security Systems (NSS) to implement a robust supply chain risk management strategy. “Enterprise computing systems should be procured with a robust set of security capabilities that are tested before acceptance,” the NSA said in a press release. “The CSI details implementation of a supply chain risk mitigation process that utilizes Trusted Platform Modules (TPMs) and Platform Certificates.”

The Role of the TPM in Cybersecurity

A small security chip embedded in most enterprise computing systems, the TPM stores keys associated with certificates created by vendors and manufacturers. The keys are then used during acceptance testing to validate the integrity of the computing system. The Department of Defense (DoD) requires TPMs to be included in all computer asset purchases.

“Using TPMs as recommended in the CSI will extend validation capabilities to hardware components provided by vendors and manufacturers,” the NSA says in its report. “The CSI informs procurement professionals and original equipment manufacturers (OEMs) about provisions and capabilities to support the testing and validation of enterprise computing systems.”

More Innovations Ahead 

Looking ahead, the NSA says there are some “very promising” new technologies being developed on the cybersecurity front. For example, Reference Integrity Manifests (RIMs) are digital documents that provide information about the relationships between different pieces of data.

Reference Integrity Manifests can provide signed firmware digests that can be used in conjunction with TPM and to affirm that the firmware has booted the device into a known or “trusted” state, according to the NSA. They can also be used to detect and prevent data breaches; monitor data access and usage; identify suspicious activity; and enforce data controls.
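As an added illustration of the RIM-plus-TPM idea described above (example code written for this article, not the NSA's or any OEM's tooling), the Python below runs a simplified acceptance check: a constructed reference manifest standing in for a RIM is signature-checked, then the firmware images are measured the way a TPM extends a PCR and the result is compared with the value the manifest implies. The firmware images, digests and the HMAC signing key are all constructed placeholders; a real RIM is signed with the manufacturer's asymmetric key.

```python
import hashlib
import hmac

# Constructed firmware images in boot order (stand-ins for real components).
SAMPLE_IMAGES = {
    "uefi_core": b"constructed-uefi-core-image",
    "bootloader": b"constructed-bootloader-image",
}
BOOT_ORDER = ["uefi_core", "bootloader"]

# Constructed reference manifest (stand-in for a RIM): expected SHA-256 per component.
REFERENCE_MANIFEST = {name: hashlib.sha256(img).hexdigest() for name, img in SAMPLE_IMAGES.items()}

# Constructed key standing in for the manufacturer's signing key (assumption: HMAC is
# used only to keep this stdlib-only; real RIMs carry an asymmetric signature).
MANIFEST_SIGNING_KEY = b"constructed-manufacturer-key"


def canonical(manifest):
    """Deterministic byte encoding of the manifest so the signature covers every entry."""
    return "\n".join(f"{k}={manifest[k]}" for k in sorted(manifest)).encode()


def sign_manifest(manifest, key=MANIFEST_SIGNING_KEY):
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_manifest(manifest, signature, key=MANIFEST_SIGNING_KEY):
    return hmac.compare_digest(sign_manifest(manifest, key), signature)


def pcr_extend(pcr, digest_hex):
    """TPM-style PCR extend: PCR_new = SHA-256(PCR_old || digest)."""
    return hashlib.sha256(pcr + bytes.fromhex(digest_hex)).digest()


def expected_pcr(manifest, order):
    """Replay the manifest's digests in boot order to get the reference PCR value."""
    pcr = bytes(32)
    for name in order:
        pcr = pcr_extend(pcr, manifest[name])
    return pcr


def measure_boot(images, order):
    """Simulate firmware measurement: hash each image and extend it into the PCR."""
    pcr = bytes(32)
    for name in order:
        pcr = pcr_extend(pcr, hashlib.sha256(images[name]).hexdigest())
    return pcr


def acceptance_check(manifest, signature, images, order):
    """Reject if the manifest is not authentic or the measured boot differs from it."""
    if not verify_manifest(manifest, signature):
        return False, "manifest signature invalid"
    if measure_boot(images, order) != expected_pcr(manifest, order):
        return False, "measured PCR does not match reference"
    return True, "firmware matches reference manifest"
```

A mismatch in either check is the signal an acceptance tester would escalate before the device enters service.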
