2023 will be a pivotal year for federal contractors when it comes to cybersecurity as a number of important items are on the table and up for discussion.

Per the 2022 Annual Threat Assessment of the U.S. Intelligence Community, a publication from the Office of the Director of National Intelligence (DNI) “We assess that Iran will threaten U.S. persons directly and via proxy attacks, particularly in the Middle East. Iran also remains committed to developing networks inside the United States—an objective it has pursued for more than a decade.”

In late December, 2022, President Biden signed into law the “Quantum Computing Cybersecurity Preparedness Act”. The Act, which interestingly did not receive much media attention, recognizes that current encryption protocols used by the United States government might one day be vulnerable to compromise as a result of quantum computing, which could allow our enemies to steal sensitive encrypted data.

Per the 2022 Annual Threat Assessment of the U.S. Intelligence Community, a publication from the Office of the Director of National Intelligence (DNI) “We assess that North Korea continues to engage in illicit activities, including cyber theft and the export of UN-proscribed commodities to fund regime priorities, including Kim’s WMD program.”

A keynote Speech by NSA Director, GEN Paul M. Nakasone at the Privacy and Civil Liberties Oversight Board Public Forum, stressed the importance of Section 702, and without Congress acting, it will sunset on December 31, 2023, unless Congress passes legislation to reauthorize it.  Said Nakasone, “Without Section 702, we will lose critical insights into the most significant threats to our nation...FISA Section 702 is irreplaceable.  It is focused and limited, yet agile enough to address national security threats in an ever-changing, technological and threat environment.”

Per a Department of Defense (DoD) memorandum sent to senior Pentagon Leadership in February, 2022, it acknowledged that while the Risk Management Framework (RMF) establishes the continuous management of system cybersecurity risk, current RMF implementation focuses on obtaining system authorizations (ATOs), yet falls short in implementing continuous monitoring of risk once authorization has been reached. 

Per the 2022 Annual Threat Assessment of the U.S. Intelligence Community, a publication from the Office of the Director of National Intelligence (DNI) “We assess that China presents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private sector networks. China’s cyber pursuits and export of related technologies increase the threats of attacks against the U.S. homeland, suppression of U.S. web content that Beijing views as threatening to its control, and the expansion of technology-driven authoritarianism globally.”

The year was 2015, an eternity in today's world of growing cybersecurity threats, regardless, General (Ret) Keith B. Alexander, Director of the NSA from 2005 - 2014, sounded the alarm of the present dangers of that time, and what was to come.  In a prepared statement before the Senate Armed Services Committee, the now retired General - 20 months out of office as Director of NSA & USCYBERCOM, spoke of the four major threats in the cyber domain: cyber attack, cyber espionage, cyber theft of intellectual property, and criminal activity.

Per the 2022 Annual Threat Assessment of the U.S. Intelligence Community, a publication from the Office of the Director of National Intelligence (DNI) “We assess that Russia will remain a top cyber threat as it refines and employs its espionage, influence, and attack capabilities. We assess that Russia views cyber disruptions as a foreign policy lever to shape other countries’ decisions, as well as a deterrence and military tool.”