Despite the progress, threats loom large. Geopolitical tensions, particularly involving Ukraine and China’s ambitions in Taiwan, could significantly impact the cybersecurity landscape
As 2024 comes to a close, attention shifts to the evolving state of public cybersecurity in 2025. With bipartisan support for many current initiatives, cybersecurity remains a priority for the government, irrespective of political leadership. Jake Braun, former Principal Deputy National Cyber Director under President Biden and advisor at the University of Chicago’s Harris School of Public Policy, offers insights into the progress made and the challenges ahead.
The Current Landscape
Cybersecurity in the U.S. has seen significant advancements but remains a work in progress. Recent initiatives, including the White House’s push for modernisation, have prioritised systemic improvements over isolated fixes. “The focus has shifted from addressing specific vulnerabilities to eliminating entire classes of threats by enhancing infrastructure fundamentals,” Braun explained.
Key developments include the adoption of memory-safe programming languages like Rust and efforts to secure Border Gateway Protocol (BGP), which underpins global internet traffic. Additionally, the government is addressing the cybersecurity skills gap by moving away from traditional degree requirements and towards skill-based training.
“We need to move past the outdated notion that every cybersecurity role requires a Ph.D. or even a four-year degree,” Braun said, advocating for targeted skills training to broaden the talent pool and address workforce shortages.
What To Expect In 2025
Looking ahead, government cybersecurity is expected to become more cohesive, with harmonised regulations reducing bureaucratic overhead for corporations and allowing more focus on substantive security measures. “By 2025, I expect we will see a much more unified approach to cybersecurity regulations,” Braun noted.
Infrastructure modernisation, driven by the Bipartisan Infrastructure Law (BIL), CHIPS Act, and Inflation Reduction Act, will likely embed cybersecurity into essential sectors like energy, telecommunications, and transportation. Initiatives include modernising the electrical grid and water systems with robust cyber protections.
“These three bills represent nearly USD 2 trillion of investment in national infrastructure,” Braun said. “Cybersecurity is implicitly tied to nearly every aspect of these projects.”
Collaboration between the public and private sectors will also be critical. While challenges around information sharing persist, the government recognises that effective cybersecurity hinges on such partnerships to share intelligence and respond swiftly to threats.
Education and workforce development will continue as key priorities, with programs emphasising hands-on training and diversity within the cybersecurity workforce. Braun anticipates that these measures will enhance the nation’s strategic approach to cybersecurity.
Emerging Threats
Despite the progress, threats loom large. Geopolitical tensions, particularly involving Ukraine and China’s ambitions in Taiwan, could significantly impact the cybersecurity landscape. Braun warned that these developments could lead to state-sponsored attacks and evolving threats from independent actors.
Another concern is the potential fragmentation of the internet. “China’s Belt and Road Initiative has put many smaller countries in a tough predicament, giving China leverage to push their authoritarian model of internet governance,” Braun said. Such developments could lead to a divided global internet, with serious implications for cybersecurity and digital freedom.
Cautious Optimism For Future
Despite the challenges, Braun remains cautiously optimistic. Investments in infrastructure and strategic initiatives provide a strong foundation for improving national cybersecurity. “While technology will always have vulnerabilities, we’re taking more strategic, proactive measures now than before,” he said.
From addressing vulnerabilities in critical sectors to fostering collaboration and workforce development, 2025 holds promise for a more secure digital future. As Braun concluded, “The significant investments we’re making in infrastructure and cybersecurity standards are going to put us in a much better place.”