As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.
The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?
Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should we be looking out for?
To get the answers to these pressing questions, we spoke with Jake Braun, former Principal Deputy National Cyber Director under President Biden and lecturer and senior advisor at Harris School of Public Policy at the University of Chicago.
The current state of cybersecurity
According to Braun, the current state of cybersecurity in the country is showing significant progress. Still, he says, it remains a work in progress.
Recent initiatives, such as the White House’s efforts to modernize security policies, are moving the needle forward. Braun notes that the push towards using memory-safe programming languages like Rust to replace older, vulnerable languages and initiatives for improving BGP security are signs that national-level cybersecurity is receiving strategic attention.
“The focus has shifted from addressing specific vulnerabilities to eliminating entire classes of threats by enhancing infrastructure fundamentals,” he said.
Another exciting development is the government’s approach to the cybersecurity skills gap, as they move away from requiring traditional four-year degrees for cybersecurity roles. Instead, there’s a push towards skill-based training, aiming to fill gaps in cybersecurity staffing quickly and effectively.
“We need to move past the outdated notion that every cybersecurity role requires a Ph.D. or even a four-year degree,” Braun said. “Many of these roles can be filled by individuals with hands-on experience and targeted skills training, which allows us to broaden the talent pool and address critical workforce shortages more effectively.”
While challenges like over-regulation and fragmented compliance requirements still exist, there is notable progress in streamlining these areas to free up resources for actual security improvements.
What will government cybersecurity look like in 2025?
Government cybersecurity is expected to evolve into a more cohesive and strategically aligned effort. There will likely be continued work on harmonizing cybersecurity regulations, which will reduce the bureaucratic overhead for corporations and government entities alike.
“By 2025, I expect we will see a much more unified approach to cybersecurity regulations,” he said. “It will significantly reduce the burden on corporations and allow them to focus on real security measures rather than compliance paperwork.”
Another key area of focus, while not directly cybersecurity-related at first glance, is improving the resilience of critical infrastructure. The Bipartisan Infrastructure Law (BIL), the CHIPS Act and the Inflation Reduction Act have already laid the groundwork for enhancing cybersecurity in sectors like energy, transportation and telecommunications. These investments are expected to bring about significant improvements in the security posture of both public and private infrastructure — essentially ensuring that cybersecurity is built into the core of modernization efforts rather than being an afterthought.
One example Braun points to is modernizing the electrical grid and water systems, including enhanced cyber protections to prevent both physical and digital disruptions.
“Those three bills make up almost $2 trillion of investment in our infrastructure around the country,” he said. “And while cyber’s only called out explicitly in a few places, it’s kind of implicit in pretty much every single aspect of these bills. You can’t build a new wind farm and hook it up to the grid without there being cyber involved.”
Another effort that is expected to continue is the focus on public-private partnerships. While a distrust in information sharing still exists, the government recognizes that effective cybersecurity cannot be achieved in isolation. Increased collaboration with private sector companies will be critical for sharing threat intelligence, aligning security standards and responding swiftly to emerging threats.
Circling back to the skills gap issue, Braun expects there will be an increased emphasis on cybersecurity education and workforce development. Programs to re-skill workers, provide hands-on training, and promote diversity within the cybersecurity workforce will be expanded.
“While technology is inherently not secure because… just talk to any hacker at DefCon and they’ll tell you that you can hack pretty much anything… I do think that we’re being more strategic, and we’ve got more resources and more initiatives that are strategic and not just tactical going on now than we did before.”
What threats should we be aware of?
Despite the many reasons for optimism, potentially harmful threats are on the horizon. According to Braun, geopolitical tensions, particularly with Ukraine as well as China’s ambitions in Taiwan, pose significant cybersecurity challenges.
“These situations could dramatically influence the evolution of cyber threats and how we need to position ourselves defensively,” he said.
The outcome of these international developments will shape how cyber threats evolve and how the U.S. can position itself to defend against both state-sponsored and independent actors.
Braun suggests that The New Great Game over control of the internet — whether it will remain free and democratic or become fragmented and authoritarian — is another issue that governments around the world must pay attention to. The outcome can impact the future of digital freedom across the globe.
“China’s Belt and Road Initiative has put many smaller countries in a tough predicament, giving China leverage to push their authoritarian model of internet governance. This could lead to a fragmented global internet, which would have serious implications for cybersecurity and digital freedom.”
Facing cybersecurity in 2025 with proactive measures
Still, Braun is approaching 2025 with cautious optimism. He emphasized that while technology will always have inherent vulnerabilities, the strategic approach of the government — coupled with substantial investments — lays the foundation for the future of national cybersecurity to be more promising than it has been in previous years.
“The country will likely be better prepared due to the significant investments in infrastructure and security standards, as well as initiatives to enhance workforce capabilities,” he said. “The significant investments we’re making in infrastructure and cybersecurity standards are going to put us in a much better place. We’re seeing proactive measures, like bolstering cybersecurity in critical areas such as water utilities, which are crucial for both civilian and military stability.”
The post Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in appeared first on Security Intelligence.