{"id":8597,"date":"2021-09-10T13:06:20","date_gmt":"2021-09-10T16:06:20","guid":{"rendered":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=8597"},"modified":"2021-09-10T13:06:20","modified_gmt":"2021-09-10T16:06:20","slug":"9-iniciativas-gubernamentales-notables-de-ciberseguridad-de-2021","status":"publish","type":"post","link":"https:\/\/www.fie.undef.edu.ar\/ceptm\/?p=8597","title":{"rendered":"9\u00a0notable government cybersecurity initiatives of 2021"},"content":{"rendered":"<p>States are increasingly taking on cybersecurity threats, as these nine government-led initiatives from around the world show. Government-led cybersecurity initiatives are actions to address cybersecurity problems such as destructive attacks, massive data breaches, poor security posture, and attacks on critical infrastructure.<\/p>\n<hr \/>\n<p>Cybersecurity has steadily crept up the agenda of governments across the globe. This has led to initiatives designed to address cybersecurity issues that threaten individuals and organizations.<\/p>\n<p>\u201cGovernment-led cybersecurity initiatives are critical to addressing cybersecurity issues such as destructive attacks, massive data breaches, poor security posture, and attacks on critical infrastructure,\u201d Steve Turner, security and risk analyst at Forrester, tells CSO. 
\u201cThese initiatives provide consistent guidance on how organizations and consumers can protect themselves, provide services to companies that don\u2019t have the knowledge or monetary means to protect themselves, legislative levers that can be utilized, means of taking offensive actions against nation state adversaries, and most of all investigation of significant cyber incidents paired with critical information sharing during or after those incidents.\u201d<\/p>\n<p>Here are some of the most notable cybersecurity initiatives introduced by governments around the world in 2021:<\/p>\n<p><strong>US Department of Defense publishes Cybersecurity Maturity Model Certification<\/strong><\/p>\n<p>In January, the US Department of Defense (DoD) released the\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3535797\/the-cybersecurity-maturity-model-certification-explained-what-defense-contractors-need-to-know.html#:~:text=The%20Cybersecurity%20Maturity%20Model%20Certification%20%28CMMC%29%20is%20a,sensitive%20defense%20information%20located%20on%20contractors%27%20information%20systems.\" target=\"_blank\" rel=\"noopener\">Cybersecurity Maturity Model Certification<\/a>\u00a0(CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. The CMMC reviews and combines various cybersecurity standards and best practices, mapping controls and processes across several maturity levels that range from basic to advanced cyber hygiene.<\/p>\n<p>\u201cFor a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats,\u201d reads the\u00a0<a href=\"https:\/\/www.acq.osd.mil\/cmmc\/\" target=\"_blank\" rel=\"nofollow noopener\">Office of the Under Secretary of Defense for Acquisition &amp; Sustainment website<\/a>. 
\u201cThe CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.\u201d The CMMC is designed to be cost-effective and affordable for all organizations, with authorized and accredited CMMC third parties conducting assessments and issuing CMMC certificates to DIB companies at the appropriate level.<\/p>\n<p>For Tom Brennan, CIO at Mandelbaum Salsburg P.C. and US chairman of CREST, the CMMC is perhaps the most important government cybersecurity initiative of 2021 in the US. \u201cFor a long time, the DoD has told DIB contractors that they have to comply with NIST standards, but there has been zero accreditation, enforcement, or audit associated with this particular control, and it has failed miserably,\u201d he tells CSO. The CMMC is so important because it involves legal assessments to test that government contractors are doing what they say they are from a security standpoint, and if they fail to meet CMMC requirements, they will lose their contracts, he says.<\/p>\n<p>\u201cIf you\u2019re going to be looking for new DoD contracts, those contacts will clearly state a company must be CMMC level 1, 2, 3, 4, or 5 compliant (depending on the level of maturity needed for the project) prior to undertaking new contracts.\u201d The CMMC is also becoming of greater interest to the cybersecurity industry because a lot of audit firms and service providers realize this is a cash cow, Brennan says.<\/p>\n<p><strong>Spanish government commits \u20ac450 million to cybersecurity industry, opens Hacker Academy<\/strong><\/p>\n<p>In April, Spain\u2019s state secretary for digitalization and artificial intelligence,\u00a0<a href=\"http:\/\/www.publicnow.com\/view\/37C37908BC5CA2E7A62BB967B4E974EF030D71EA?1618304593\" target=\"_blank\" rel=\"nofollow noopener\">Carme Artigas<\/a>, revealed that the 
Spanish government would invest more than \u20ac450 million over a three-year period to boost the country\u2019s cybersecurity sector. Artigas also announced the opening of an online Hacker Academy for Spanish residents aged 14 and over to train and attract talent. The training initiative was developed to run between May 3 and June 25 in an online format, featuring hundreds of participants competing in cybersecurity challenges.<\/p>\n<p>The National Cybersecurity Institute (INCIBE) will oversee a new strategic plan for the cybersecurity spending, addressing three key pillars of boosting the business ecosystem of the sector and attracting talent, strengthening the cybersecurity of individuals, SMEs and professionals, and consolidating Spain as an international cybersecurity hub.<\/p>\n<p><strong>US government announces ambitious cybersecurity executive order<\/strong><\/p>\n<p>In May, the Biden administration announced a bold\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3618730\/biden-administration-releases-ambitious-cybersecurity-executive-order.html\" target=\"_blank\" rel=\"noopener\">cybersecurity executive order<\/a>\u00a0to chart a \u201cnew course to improve the nation\u2019s cybersecurity and protect federal government networks.\u201d The document came in the wake of significant supply chain attacks on\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3601508\/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html\" target=\"_blank\" rel=\"noopener\">SolarWinds<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3610389\/chinese-cyberespionage-group-hacks-us-organizations-with-exchange-zero-day-flaws.html\" target=\"_blank\" rel=\"noopener\">Microsoft<\/a>, along with the ransomware attack on Colonial Pipeline.<\/p>\n<p>The executive order is designed to minimize the frequency and impact of such incidents, setting out a series of proposals for bolstering cybersecurity within federal agencies, 
including:<\/p>\n<ul>\n<li>Removing barriers to threat information sharing between government and the private sector<\/li>\n<li>Modernizing and implementing stronger cybersecurity standards in the federal government<\/li>\n<li>Improving software supply chain security<\/li>\n<li>Establishing a cybersecurity safety review board<\/li>\n<li>Improving detection, investigative and remediation capabilities around cybersecurity incidents.<\/li>\n<\/ul>\n<p>\u201cThe cybersecurity executive order rapidly requires agencies to modernize their security posture through the introduction of\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3247848\/what-is-zero-trust-a-model-for-more-effective-security.html\">zero trust<\/a>\u00a0architecture, enhanced technology procurement, develop requirement for a software bill of materials (SBOM), movement to the cloud, and so much more,\u201d Turner says. \u201cThis is going to have extensive downstream impacts to other countries and organizations since it will force many vendors and companies that do business with the government to have specific security practices in place as well as have specific data on hand that other organizations will be able to tap into.\u201d<\/p>\n<p><strong>Australian government introduces Critical Infrastructure Uplift Program<\/strong><\/p>\n<p>In May, the Australian government introduced the\u00a0<a href=\"https:\/\/www.cyber.gov.au\/acsc\/view-all-content\/programs\/critical-infrastructure-uplift-program-ci#:~:text=The%20Critical%20Infrastructure%20Uplift%20Program%20%28CI-UP%29%20is%20a,Cyber%20Enhanced%20Situational%20Awareness%20and%20Response%20%28CESAR%29%20package.\" target=\"_blank\" rel=\"nofollow noopener\">Critical Infrastructure Uplift Program<\/a>\u00a0(CI-UP) to identify and resolve vulnerabilities in critical infrastructure, helping providers to raise their cybersecurity maturity through evaluating their existing 
security program and implementing recommended risk mitigation strategies. The modular cybersecurity program is open to critical infrastructure entities that are\u00a0<a href=\"https:\/\/www.cyber.gov.au\/partner-hub\/acsc-partnership-program\" target=\"_blank\" rel=\"nofollow noopener\">ACSC partners<\/a>\u00a0and is designed to:<\/p>\n<ul>\n<li>Evaluate cybersecurity maturity of critical infrastructure and systems of national significance using a combination of the Cyber Security Capability and Maturity Model (C2M2) and Essential 8 maturity models<\/li>\n<li>Deliver prioritized vulnerability and risk mitigation strategies<\/li>\n<li>Assist partners to implement the recommended risk mitigation strategies<\/li>\n<\/ul>\n<p>\u201cWith the rise in attacks on critical infrastructure such as electrical grids and pipelines, this is such a critical service to helping rapidly increase the security posture of these entities,\u201d says Turner.<\/p>\n<p><strong>US lawmakers propose American Cybersecurity Literacy Act<\/strong><\/p>\n<p>In June, bipartisan House lawmakers introduced a proposal for the\u00a0<a href=\"https:\/\/www.congress.gov\/bill\/117th-congress\/house-bill\/4055\/text\" target=\"_blank\" rel=\"nofollow noopener\">American Cybersecurity Literacy Act<\/a>, new legislation to boost cybersecurity awareness and knowledge of data security among internet users in the US. 
Currently under review by the House Committee on Energy and Commerce, the act sets out that the US has a national security and economic interest in promoting cybersecurity literacy, establishing that the assistant secretary for communications and information shall develop and conduct a cybersecurity literacy campaign of best practices to reduce cybersecurity risks.<\/p>\n<p>Commenting on the proposal, Dave Stapleton, CISO at CyberGRX, tells CSO that the threat of cyberattacks and the need for meaningful countermeasures is proving to be one of the few matters that enjoys bipartisan agreement in the US government. \u201cThe American Cybersecurity Literacy Act\u2019s focus on educating the American public is spot on. Quite often the threats facing us as individuals are the same, or derivative, of those facing corporations. We see this evidenced in the number of\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3624674\/business-email-compromise-bec-attacks-take-phishing-to-the-next-level.html\">business email compromise (BEC) attacks<\/a>\u00a0that are received on employees\u2019 personal devices. The line between our professional and personal lives is increasingly blurred, making a threat to an individual a likely threat to their employer.\u201d<\/p>\n<p>Identity-based attacks are some of the most common in both corporate and private America, and for good reason\u2014compromising a legitimate identity is an efficient method to bypass the security safeguards implemented by individuals and their companies, Stapleton says. 
\u201cTherefore, it is encouraging to see that the American Cybersecurity Literacy Act, if passed, will be zeroing in on the threat of phishing and the need for everyone to enable and use multi-factor authentication (MFA) whenever possible.\u201d<\/p>\n<p><strong>French government releases cyberattack alert system<\/strong><\/p>\n<p>In July, the French government launched a new warning system for small- and medium-sized companies to support them in the event of cyberattacks, informing businesses of the actions they should take in response to incidents. The system was presented by C\u00e9dric O, secretary of state in charge of Digital Transition and Electronic Communications, along with other senior officials.<\/p>\n<p><a href=\"https:\/\/www.publicnow.com\/view\/D5B3B8A94DAA08AA88B8A5382C31D5717CF7080B\" target=\"_blank\" rel=\"nofollow noopener\">According to a government press release<\/a>, when a vulnerability or an attack campaign that is particularly critical for small and medium companies is detected, a brief and understandable notice for business leaders is published by the national victim assistance system and the National Agency for the Security of Information Systems (ANSSI). It is then transmitted to bodies including interprofessional organizations, the consular networks of the Chambers of Commerce and Industry (CCI) and the Chambers of Trades and Crafts (CMA), before being relayed as widely as possible to business leaders. The French government believes the speed of information and the ability to take immediate action will allow companies to better protect themselves and therefore limit the impact of cyberattacks on the French economic fabric.<\/p>\n<p><strong>UK Ministry of Defense completes maiden bug bounty program<\/strong><\/p>\n<p>In August, the UK Ministry of Defence (MoD) announced the completion of its first bug bounty program. 
In association with HackerOne, it invited ethical hackers to take part in a 30-day challenge to investigate and identify vulnerabilities in its digital assets that required fixing, granting them direct access to its internal systems. The program aimed to help the MoD better secure and defend its cyber systems and 750,000 devices, following the\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3615656\/what-the-uk-s-cyber-power-strategy-means-for-private-sector-cybersecurity.html\" target=\"_blank\" rel=\"noopener\">UK government\u2019s new cyber strategy<\/a>\u00a0(released in March) to enhance the country\u2019s cyber strength in an increasingly digital world.<\/p>\n<p>Speaking at the closing of the program, MoD CISO Christine Maxwell said the MoD had embraced a strategy of security by design with transparency being integral for identifying areas for improvement in the development process. \u201cIt is important for us to continue to push the boundaries with our digital and cyber development to attract personnel with skills, energy, and commitment,\u201d she added. \u201cWorking with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets. 
Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience.\u201d<\/p>\n<p>In the same month, the\u00a0<a href=\"https:\/\/www.gov.uk\/government\/publications\/defence-and-security-accelerator-dasa-open-call-for-innovation\/open-call-innovation-focus-areas#IFA029\" target=\"_blank\" rel=\"nofollow noopener\">MoD also issued a call to startups<\/a>\u00a0to design a new generation of secure hardware and software to help the military reduce its cyberattack surface, offering to fund proposals up to \u00a3300,000 for a nine-month contract.<\/p>\n<p><strong>Italian government opens national cybersecurity agency<\/strong><\/p>\n<p>In August, the Italian parliament approved government plans to establish a new cybersecurity agency to combat cyberattacks targeting the nation, part of a wider strategy to create a secure, unified cloud infrastructure for the country. First announced in June, the\u00a0<a href=\"https:\/\/www.coondivido.it\/nasce-lagenzia-per-la-cybersicurezza-nazionale-cose-e-come-funziona\/\" target=\"_blank\" rel=\"nofollow noopener\">Agenzia per la Cybersicurezza Nazionale<\/a>\u00a0(ACN) will consist of 300 staff initially and aims to reach 1,000 employees by 2027. It will be headed by Roberto Baldini, deputy director general of the Department of Information for Security (DIS). Its various aims include exercising the functions of national authority in the field of cybersecurity, developing national prevention, monitoring, detection, and mitigation capabilities to cope with cybersecurity incidents and cyberattacks, and contributing to raising the security of information and communications technology systems.<\/p>\n<p>Adam Bangle, vice president EMEA at BlackBerry, says the success of the Italian government\u2019s new national cybersecurity ambitions will depend on it achieving key goals. 
\u201cFirst comes safety standardization. Establishing security standards and safe software development principles, exercising zero trust across entire systems, and ensuring that every security protocol is implemented and enforced to avoid any blind spots in perimeter defenses, should be an integral part of any national cyber strategy. Secondly, and most crucially, they must take\u202fa proactive, prevention-based security posture\u202fto\u202fcybersecurity.\u201d<\/p>\n<p><strong>UK government kicks off Cyber Runway business growth program<\/strong><\/p>\n<p>In August, the UK government unveiled the\u00a0<a href=\"https:\/\/www.gov.uk\/government\/news\/new-programme-to-spark-wave-of-growth-in-uks-thriving-cyber-sector\" target=\"_blank\" rel=\"nofollow noopener\">Cyber Runway project<\/a>\u00a0aimed at sparking growth in the UK\u2019s cybersecurity sector. In the expressions of interest phase at the time of writing, Cyber Runway will see entrepreneurs and businesses across the UK get access to business masterclasses, mentoring, product development support, networking events, and backing to trade internationally and secure investment so they can turn their ideas into commercial successes.<\/p>\n<p>Minister for digital infrastructure Matt Warman says the project will tackle barriers to growth, increase investment, and give firms vital support to take their businesses to the next level. \u201cThe program will also support founders and innovators from a diverse range of backgrounds\u2014targeting applicants from underrepresented groups in the UK\u2019s cyber sector such as women and people from black, Asian and minority ethnic backgrounds.\u201d<\/p>\n<p>Cyber Runway aims to support 160 companies over the course of six months and is funded by the Department for Digital, Culture, Media and Sport (DCMS) with support from CyLon, Deloitte and the Centre for Secure Information Technologies (CSIT). 
\u201cThe UK\u2019s cybersecurity ecosystem is at a critical and exciting point in its development, with both new challenges and new opportunities having arisen out of the pandemic,\u201d adds Nick Morris, CEO at CyLon. \u201cCyber Runway will support UK innovators to develop the crucial security technologies that will safeguard the future of our digital economy.\u201d<\/p>\n<p><strong>Source:<\/strong> <a href=\"https:\/\/www.csoonline.com\/article\/3630632\/9-notable-government-cybersecurity-initiatives-of-2021.html\" target=\"_blank\" rel=\"noopener\"><em>https:\/\/www.csoonline.com<\/em><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>States are increasingly taking on cybersecurity threats, as these nine government-led initiatives from around the world show. The initiatives of&hellip; <\/p>\n","protected":false},"author":1,"featured_media":8598,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[23,28],"tags":[],"_links":{"self":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/8597"}],"collection":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8597"}],"version-history":[{"count":1,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/8597\/revisions"}],"predecessor-version":[{"id":8599,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/wp\/v2\/posts\/8597\/revisions\/8599"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=\/w
p\/v2\/media\/8598"}],"wp:attachment":[{"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8597"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8597"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fie.undef.edu.ar\/ceptm\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8597"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}