Reflecting on the past, envisioning the future
This month marks the 20th anniversary of Cybersecurity Awareness Month, as well as the beginning of a new government fiscal year. I’d like to take this milestone opportunity to delve into some recent notable cybersecurity events, the broader implications for government agencies, and my vision as GSA continues to play a pivotal role in positioning agencies to create a safer and more secure digital future.
The 2023 Verizon Data Breach Investigations Report shows external actors were responsible for 83% of breaches. Continued cyber breaches, such as Volt Typhoon and the MOVEit application exploit not only cause disruption and pose a serious threat to our national security, but lay the groundwork for more sophisticated cyber attacks. Hackers will leverage any flaw in the cyber environment to gain access to sensitive information. Our adversaries are not resting, and neither can we.
In March 2023, the White House released an updated National Cybersecurity Strategy with ongoing initiatives aimed at enhancing the nation’s cybersecurity capabilities and comprehensive approach. It aligns numerous strategic objectives under five pillars:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships to Pursue Shared Goals
The White House later published its National Cybersecurity Strategy Implementation Plan which includes specific guidance for agencies as they implement the strategy’s requirements and key objectives.
The Department of Defense completed its Cyber Strategy in May 2023. The strategy underscores the ongoing advancement of Zero Trust Architecture (ZTA) and the technological solutions and services to fortify critical infrastructure, ensuring vital systems and assets are safeguarded. In August 2023, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Strategic Plan that aligns with the National Cybersecurity Strategy and lays out how agencies can fulfill their cybersecurity mission over the next three years. As plans are implemented, GSA is prepared to incorporate updated frameworks and standards into our solutions to meet agencies’ needs and requirements.
As we move forward into the new fiscal year, the Office of Management and Budget (OMB) continues to emphasize cybersecurity priorities for civilian agencies to consider when developing FY24 and FY25 budget requests. These include continued implementation of ZTA, investment in Cybersecurity Supply Chain Risk Management (C-SCRM) practices, and most recently Post-Quantum Cryptography (PQC). Details can be found in the OMB Memorandum M-22-16, M-23-18, and the Quantum-Readiness: Migration to Post-Quantum Cryptography fact sheet. Additionally, OMB outlined Research and Development Priorities for the FY25 budget which include addressing cybersecurity risks through resilient architectures. As the cybersecurity landscape is in a constant state of evolution, adapting to new guidance is imperative to Improving the Nation’s Cybersecurity.
How GSA supports agencies
GSA recognizes that every agency has unique needs, but the overarching goals remain. That is why GSA works diligently to support the modernization of security to enhance cyber resilience, protect important information, and maintain systems access and function.
To help agencies meet their goals, GSA developed a suite of resources on cybersecurity topics, such as ZTA and C-SCRM. Buyer’s guides and informational videos are available to help identify which solutions best fit agency IT security needs. In addition, our acquisition templates make procuring the products and services that modernize security and strengthen cyber resilience easy and efficient. Find the guides and more at www.gsa.gov/itsecurity.
Our commitment
At GSA we understand collaboration with other agencies, and our industry partners, is crucial for addressing the evolving and global nature of cybersecurity threats. We are committed to continue our efforts to provide comprehensive and impactful government-centric cybersecurity solutions that address the need for modernization today and protect assets from the cyber threats of tomorrow.
Stay up to date
We are available to agencies throughout the entire acquisition lifecycle. The GSA IT Category team offers subject matter expertise and is available to answer questions related to purchasing a full range of IT products and services. Please contact the IT Customer Service Center at 855-ITaid4U/855-482-4348 or itcsc@gsa.gov.