Report Reveals How US Has 'Not Advanced the Ball' on Top Cyber Risks

NicoElNino/Getty Images

Featured eBooks
Digital Transformation
Read Now

Federal IT Modernization Still a Major Challenge

Read Now

DHS’ next chapter as an enterprise services provider

Read Now

What's happening in health tech

Read Now
Edward Graham By Edward Graham,
Staff Reporter, Nextgov/FCW

By Edward Graham

|

The top cybersecurity risks of 2023 include a shortage of trained cyber professionals, international strife and continued vulnerabilities in critical infrastructure services, according to a new report from the Bipartisan Policy Center.

Increasing geopolitical tensions, vulnerabilities in critical infrastructure and a patchwork of needed regulations are some of the factors contributing to a host of cybersecurity threats facing the public and private sectors in the new year, a panel of experts said during an event hosted by the Bipartisan Policy Center on Monday.

The panel discussion was held to mark the release of a new report from the Washington-based think tank, which examined some of the top cybersecurity risks facing individuals, companies and government in 2023. The report identified eight “macro risks” likely to represent the biggest threats in cyberspace this year, including: an evolving geopolitical environment; a global cyber arms race; vulnerable critical infrastructure; a lack of needed investments in cyber preparedness; regulatory uncertainty; a shortage of cyber talent; insufficient corporate governance; and economic uncertainty. 

The report was drafted by a working group of state officials, former federal officials and lawmakers, and representatives from companies and advocacy groups. Credit reporting agency Equifax, which experienced its own high-profile data breach in 2017, partnered with the Bipartisan Policy Center to produce the report. 

Jamil Farshchi, executive vice president and chief information security officer at Equifax, said that “roughly 85% of the things that are on [the report] aren’t novel”—such as ongoing risks to critical infrastructure and lagging governance concerns—but added that the inability to rectify these issues remains a constant source of concern for the public and private sectors. 

“The most surprising thing to me is that a lot of the risks that we've highlighted here are the same risks that, I think, could have been on this list had we done it five years ago, or maybe even 10 years ago,” Farshchi said. “And so, in some ways, it's predictable, somewhat. But in other ways, it's discouraging because we as a community, we as a country, have not advanced the ball effectively enough to be able to mitigate or even draw down some of the risks that we've highlighted.” 

Some of these existing risks have been further exacerbated by increased geopolitical tensions, which have manifested in the form of state-sponsored ransomware and cyber attacks on critical infrastructure services and online mis- and disinformation campaigns. 

“While these conflicts may be localized, cyber threats can have far-reaching effects given the global nature of the internet,” the report said. “The internet and other technologies have allowed actors to carry out these activities remotely and nearly instantaneously.”

Christopher Painter, who served as the State Department's coordinator for cyber issues in the Obama and Trump administrations, cited heightened U.S. tensions with China and Russia’s invasion of Ukraine as some of the global factors potentially worsening systemic cyber risks. But he added that growing awareness of potential threat actors, coupled with an increase in high-profile cyber incidents, is also helping to highlight the importance of enhanced cybersecurity measures. 

“Because of the ransomware sort of pandemic we've seen over the last number of years, there's a much more heightened awareness than there has been before,” Painter said. “And so calling attention to these risks, I think, is really important, and trying to catalog them is really important.” 

While the report said that key risk factors—such as vulnerable operating systems, outdated code and a lack of trained cybersecurity professionals—remain viable concerns throughout 2023, it also noted that “overlapping, conflicting and subjective regulations” present their own cyber-related challenges. The report cited the passage of one-size-fits-all cyber regulations and the ”balkanization of data privacy and breach disclosure laws” as some of the issues affecting the public and private sectors. 

The panelists said that progress on some related fronts—such as a renewed interest in Congress to pass a federal data privacy framework—would also help to alleviate some concerns regarding the ill-defined cyber policy landscape. 

“I think the place where we've seen the most action in the regulatory area is through the privacy lens,” said Noopur Davis, executive vice president and chief information security and product privacy officer at Comcast. “But the privacy lens, then, of course, impacts the security lens. So it’s that focus on privacy that's also shifting into cyber. And that, I think, feels different now than it did five years ago—it feels more immediate in 2023.”

NEXT STORY: CISA, South Korean Agencies Issue Joint Warning on North Korean Ransomware

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.