As the year 2024 draws to a close, it’s time to shift our focus towards contemplating the landscape of public cybersecurity in the upcoming year 2025.
An encouraging point to consider is that cybersecurity will persist as a paramount concern for the government, irrespective of the ruling party, given that numerous ongoing cybersecurity endeavors enjoy bipartisan support. However, what will the outlook for government cybersecurity appear like in 2025?
Will the nation witness an improvement compared to the present state? What are the promising indicators that could herald a fruitful year for national cybersecurity? And what potential threats should we be vigilant about?
To unravel answers to these critical queries, we engaged in a discussion with Jake Braun, the former Principal Deputy National Cyber Director during President Biden’s term, and a lecturer and senior advisor at the Harris School of Public Policy at the University of Chicago.
The present condition of cybersecurity
According to Braun, the present state of cybersecurity within the nation displays notable advancement. Nevertheless, he asserts that it remains an evolving domain.
Recent endeavors, such as the White House’s initiatives to modernize security protocols, are propelling progress forward. Braun highlights that the drive towards utilizing memory-secure programming languages like Rust to substitute outdated, vulnerable languages, along with efforts towards enhancing BGP security, signify that national-level cybersecurity is receiving strategic prioritization.
“The emphasis has shifted from rectifying specific vulnerabilities to eradicating entire categories of threats by fortifying foundational infrastructure,” he remarked.
Another intriguing development is the government’s stance on addressing the cybersecurity skills shortage by transitioning away from mandating traditional four-year degrees for cybersecurity roles. Instead, there’s an emphasis on skill-oriented training to swiftly and efficiently address cybersecurity staffing gaps.
“It’s imperative to transcend the obsolete belief that every cybersecurity position necessitates a Ph.D. or even a four-year degree,” mentioned Braun. “Several of these roles can be filled by individuals with practical experience and specialized skills training, thereby broadening the talent pool and effectively addressing critical workforce shortcomings.”
Despite persisting challenges like excessive regulation and fragmented compliance requisites, noticeable headway is being made in streamlining these aspects to reallocate resources for genuine security enhancements.
What will be the landscape of government cybersecurity in 2025?
The trajectory of government cybersecurity is anticipated to transition into a more cohesive and strategically aligned initiative. There will likely be sustained efforts to synchronize cybersecurity regulations, consequently reducing bureaucratic overhead for both corporations and government bodies.
“By the year 2025, I envision the emergence of a considerably more unified paradigm governing cybersecurity regulations,” he projected. “This would substantially alleviate the burden on corporations, enabling them to concentrate on authentic security measures rather than compliance paperwork.”
Another pivotal area of focus, though not directly linked to cybersecurity at first glance, pertains to enhancing the resilience of critical infrastructure. The Bipartisan Infrastructure Law (BIL), the CHIPS Act, and the Inflation Reduction Act have already set the groundwork for fortifying cybersecurity in sectors like energy, transportation, and telecommunications. These investments are poised to deliver substantial enhancements in the security posture of both public and private infrastructure — essentially embedding cybersecurity at the core of modernization endeavors rather than relegating it as an afterthought.
One instance Braun highlights is the modernization of electrical grids and water systems, encompassing augmented cyber safeguards to avert both physical and digital disruptions.
“These three legislations encapsulate nearly $2 trillion worth of investments in our nationwide infrastructure,” he stated. “Although cybersecurity is explicitly mentioned in only a few instances, it’s implicitly intertwined in almost every facet of these legislations. Building a new wind farm and integrating it into the grid necessitates cyber involvement.”
Another ongoing effort expected to persist is the emphasis on public-private collaborations. Despite lingering hesitations surrounding information sharing, the government acknowledges that effective cybersecurity necessitates collaborative efforts. Enhanced cooperation with private sector entities will be pivotal for sharing threat intelligence, aligning security protocols, and promptly addressing emergent threats.
Revisiting the skills deficit dilemma, Braun anticipates a heightening focus on cybersecurity education and workforce cultivation. Initiatives to retrain employees, offer hands-on coaching, and advocate for diversity within the cybersecurity workforce are poised for expansion.
“While technology inherently harbors vulnerabilities because… converse with any hacker present at DefCon, and they’ll affirm the penetrability of virtually anything… I believe we are adorning ourselves more strategically, bestowed with richer resources and more strategic initiatives currently underway, in contrast to earlier times,” he expounded.
What threats should we remain conscious of?
Notwithstanding the plethora of optimistic prospects, potential adversarial threats loom on the horizon. As per Braun, geopolitical tensions, especially concerning Ukraine, alongside China’s aspirations in Taiwan, present formidable cybersecurity hurdles.
“These scenarios could profoundly influence the trajectory of cyber threats and alter our defensive positioning requirements,” he articulated.
The culmination of these international developments will sculpt the evolution of cyber threats and delineate how the U.S. can fortify itself against both state-backed and independent malicious actors.
Braun proposes that The New Great Game centered around controlling the internet — whether it perpetuates as a free and democratic domain or diverges towards fragmentation and authoritarianism — represents an issue warranting global governments’ keen attention. The consequence can reverberate across the globe’s digital freedom landscape.
“China’s Belt and Road Initiative has cornered numerous smaller nations into precarious situations, extending China the leverage to advocate its authoritarian model of internet governance. This could culminate in a dispersed global internet, bearing weighty repercussions on cybersecurity and digital liberty,” Braun cautioned.
Confronting cybersecurity in 2025 through proactive initiatives
Nonetheless, Braun adopts a cautiously optimistic stance towards the approaching 2025 period. He underscored that despite the inherent vulnerabilities in technology, the government’s strategic approach — coupled with substantial investments — paves the way for national cybersecurity’s forthcoming landscape to exude greater promise than witnessed in preceding years.
“The nation is poised to be better primed owing to significant investments in infrastructure and security standards, alongside endeavors to enhance workforce competencies,” he concluded. “The extensive investments we’re channeling into infrastructure and cybersecurity standards are poised to situate us in a much more favorable sphere. We’re observing proactive initiatives, such as fortifying cybersecurity in pivotal realms like water utilities, essential for both civil and military stability.”