Biden bolsters nation’s cyber security defenses by executive order
The order also gives law enforcement better lines of communication with service providers
President Biden has signed an executive order to increase the US’s defenses against cyber attacks and provide better lines of communication between law enforcement and service providers to enhance investigations.
According to the Executive Order on Improving the Nation's Cybersecurity, incremental improvements would not give the country the security it needs, and this means the government would need to make “bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.”
The order will require IT (information technology) and OT (operational technology) service providers to share cyber security threat information with the government. It will also implement more robust cybersecurity standards in the federal government.
Supply chain security is to be upgraded by establishing guidelines and best practices to audit software in the supply chain to ensure it hasn’t been tampered with by hackers. A pilot for a new Energy Star-style security rating for software sold to the government will also be launched.
The order also creates a cyber security safety review board to review and assess significant cyber security incidents and make recommendations to the government.
It will also establish a standardized playbook across all federal agencies on how to respond to breaches and cyber attacks.
The final order will help improve detection and remediation of cyber security vulnerabilities and incidents on government networks by deploying an Endpoint Detection and Response (EDR) solutions.
“Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace,” the order read.
Ilia Kolochenko, CEO and founder at ImmuniWeb, told ITPro that while this is a laudable initiative, it will be hard to implement in such a short time.
“Many entities of the federal government still fall short of FISMA, enacted in 2014 and aimed to bolster cyber resilience of the US government. The current situation with the recently enacted Cybersecurity Maturity Model Certification (CMMC) - requisite to do business with the US DoD - is similarly complicated. Finally, the Cybersecurity Safety Review Board may face traditional challenges of interagency collaboration,” he said.
“From a practical viewpoint, merely adding a zero-trust model will unlikely solve the fundamental problems, such as lack of visibility or incomplete IT assets inventory, inconsistent security strategy or insufficient training and awareness for employees. Nonetheless, this Executive Order convincingly demonstrates that Joe Biden’s administration cares about cybersecurity and takes it seriously. Hopefully, the upcoming regulations will be also underpinned by additional budget allocations and other resources required to build a resilient information security program at the federal level.”
Activation playbook: Deliver data that powers impactful, game-changing campaigns
Bringing together data and technology to drive better business outcomesFree Download
In unpredictable times, a data strategy is key
Data processes are crucial to guide decisions and drive business growthFree Download
Achieving resiliency with Everything-as-a-Service (XAAS)
Transforming the enterprise IT landscapeFree Download
What is contextual analytics?
Creating more customer value in HR software applicationsFree Download