
The six pillars of the USA Strengthening American Cybersecurity Act

The Strengthening American Cybersecurity Act (SACA) gives US authorities a big picture of cyber assaults against critical infrastructure.

by Gwendal Smith
November 22, 2022
in Articles, Cyberdefense, Cybersecurity, Risk Management

The Strengthening American Cybersecurity Act (SACA), signed into law in March of 2022, gives federal authorities an unprecedented look at all cyber attacks against critical infrastructure in the United States. Just prior to the Russian invasion of Ukraine, critical Ukrainian websites were targeted by denial-of-service cyberattacks, a reminder that digital warfare is a key part of geopolitics and international relations.

Strengthen and safeguard USA’s cybersecurity

In March 2022, the SACA law was signed. It requires operators of critical infrastructure (including dams, transportation systems, and critical manufacturing) to notify the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of a data breach. Organizations that make ransomware payments have 24 hours to report information, including the amount of money demanded, payment instructions, the amount paid, and more.

The text has six main pillars:

  • Critical infrastructure security steering: Definition of performance metrics and KPIs to provide a baseline that drives investment toward the most important security outcomes.
  • Investment for security by design: Investment to modernize and strengthen infrastructure, to bring high-speed internet to underserved parts of the country, and to provide government grants to address cyber risk in critical infrastructure.
  • Cyber deterrence: Established in 2021, the International Counter-Ransomware Initiative (CRI) provides a collaborative platform with partners from around the world to address the problem of ransomware. In addition, dialogues are being strengthened to establish cyber response using NATO mechanisms for critical incident response.
  • Cyber norms and frameworks: Working with international partners to call out unacceptable state-sponsored cyber attacks. The development of labels for consumers, mainly in the IoT space, will also score and reward the most secure products.
  • Education: Build a cyber workforce by providing skills-based pathways to cybersecurity jobs. The idea is also to infuse the cybersecurity spirit and best practices into society.
  • Technological supremacy: Develop today the cybersecurity protection of tomorrow, such as quantum-resistant cryptography. The USA wants to position itself as the worldwide leader in quantum technologies, investment and intellectual property.

The SACA initiative comes at a time when governments are dealing with a major paradigm shift. The traditional security perimeter has disappeared with the rise of remote and hybrid working and the increase in mobile gadgets, Internet-of-Things sensors, and other network-connected endpoints.

As a result, traditional firewalls and moat-and-castle security strategies are no longer adequate. To enhance cyber resilience, agencies must adopt a risk-based approach that minimizes and manages attacks when they occur.

SACA’s key lessons for everyone

While it is a USA regulation, there are key actions that any senior executive can take in light of this state-of-the-art cybersecurity bill:

Test your proactive and reactive security posture: Perform security drills and wargames to test your procedures and readiness. By the time a cyber incident occurs, you will have developed the individual reflexes and collective coordination that are key to winning the cyber battle.

Continuous assessment: Gather internal and external insight into the evolving regulatory and threat landscape. It is mandatory to have an up-to-date security posture and to budget cybersecurity initiatives.

Implement a modern cybersecurity framework: Leverage new paradigms such as zero-trust architecture to add a layer of defense and hardening.

Train your employees: An organization's staff is the first line of defense. They are on the front line to detect advanced phishing attempts and malicious behavior on the network.

Take the adversary perspective: Threat actors do not see you as you see yourself. Put yourself in the shoes of your adversaries and ask yourself “what can I do to succeed in my malicious project”. It will open up new cyberdefense perspectives.

In today’s highly charged geopolitical climate, and with ransomware attacks on the rise, organizations are especially vulnerable to cyberattacks. Senior management needs to get started now to build reporting capabilities and prepare for the event of a cyberattack.

Tags: Collaboration, Cyber Strategy, executive, Geopolitics, IOT, Personal Data, Preventive Security, Regulation, Security Baseline, Security Budget, Security By Design, Security Posture, USA, Warfare

"Conquer Your Risk" is a corporate blog for Cybersecurity and Risk Management executives and specialists, sharing XRATOR experts' views on Cybersecurity, Threat Intelligence, Risk Management and Cyber Insurance.
