North Korea’s state-run cyber operation is known as Bureau 121, believed to be established approximately in 1998 by then-leader Kim Jong Il.  Professor Kim Heung-Kwang, a North Korean defector, readily admits that during his more than two decades at Hamheung Computer Technology University, he trained countless students on the very foundation of computer networks. And the best and the brightest of these students? They were pulled out and given extensive training in cybersecurity.

Ukraine suffered an almost threefold growth in cybersecurity attacks over the past year, according to Viktor Zhora, the Deputy Chairman and Chief Digital Transformation Officer at the State Service of Special Communication and Information Protection of Ukraine.  Zhora's comments came while visiting London to discuss cybersecurity strategy with the UK's National Cyber Security Centre (NCSC), a part of GCHQ.  Tom Tugendhat, UK Security Minister, noted that there is a real fight "...against Russian barbarism goes beyond the battlefield” and terror inflicted on civilians. “There is the real and persistent threat of a Russian cyber-attack on Ukraine’s critical infrastructure.”

The NIST Cybersecurity Framework - Framework for Improving Critical Infrastructure Cybersecurity  - last updated to version 1.1 in April, 2018, could have “Potential Significant” changes in the near future.  On January 19, 2023, NIST published NIST Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework, which it stated the following:

After years of failed voluntary, self-assessment cybersecurity compliance mandates, the Biden administration is moving aggressively in launching a series of heavy-handed regulations in hopes of shoring up America’s cyber defenses.  According to James Lewis, a cybersecurity expert at the Center for Strategic and International Studies think tank, “It’s a break from the previous strategies, which focused on information sharing and public-private partnership as the solution…This goes well beyond that. It says things that others have been afraid to say.”

2023 will be a pivotal year for federal contractors when it comes to cybersecurity as a number of important items are on the table and up for discussion.

Per the 2022 Annual Threat Assessment of the U.S. Intelligence Community, a publication from the Office of the Director of National Intelligence (DNI) “We assess that Iran will threaten U.S. persons directly and via proxy attacks, particularly in the Middle East. Iran also remains committed to developing networks inside the United States—an objective it has pursued for more than a decade.”

In late December, 2022, President Biden signed into law the “Quantum Computing Cybersecurity Preparedness Act”. The Act, which interestingly did not receive much media attention, recognizes that current encryption protocols used by the United States government might one day be vulnerable to compromise as a result of quantum computing, which could allow our enemies to steal sensitive encrypted data.

Per the 2022 Annual Threat Assessment of the U.S. Intelligence Community, a publication from the Office of the Director of National Intelligence (DNI) “We assess that North Korea continues to engage in illicit activities, including cyber theft and the export of UN-proscribed commodities to fund regime priorities, including Kim’s WMD program.”

A keynote Speech by NSA Director, GEN Paul M. Nakasone at the Privacy and Civil Liberties Oversight Board Public Forum, stressed the importance of Section 702, and without Congress acting, it will sunset on December 31, 2023, unless Congress passes legislation to reauthorize it.  Said Nakasone, “Without Section 702, we will lose critical insights into the most significant threats to our nation...FISA Section 702 is irreplaceable.  It is focused and limited, yet agile enough to address national security threats in an ever-changing, technological and threat environment.”