IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Biden bolsters nation’s cyber security defenses by executive order

The order also gives law enforcement better lines of communication with service providers

President Biden has signed an executive order to increase the US’s defenses against cyber attacks and provide better lines of communication between law enforcement and service providers to enhance investigations.

The order follows several cyber attacks on the US government and American firms, including the SolarWinds supply chain attack and the recent ransomware attacks on the Colonial pipeline.

According to the Executive Order on Improving the Nation's Cybersecurity, incremental improvements would not give the country the security it needs, and this means the government would need to make “bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.”

The order will require IT (information technology) and OT (operational technology) service providers to share cyber security threat information with the government. It will also implement more robust cybersecurity standards in the federal government.

Federal agencies will also have to implement multifactor authentication to their systems and encrypt all data in the next 180 days and deploy a zero-trust security architecture.

Supply chain security is to be upgraded by establishing guidelines and best practices to audit software in the supply chain to ensure it hasn’t been tampered with by hackers. A pilot for a new Energy Star-style security rating for software sold to the government will also be launched.

The order also creates a cyber security safety review board to review and assess significant cyber security incidents and make recommendations to the government.

It will also establish a standardized playbook across all federal agencies on how to respond to breaches and cyber attacks.

The final order will help improve detection and remediation of cyber security vulnerabilities and incidents on government networks by deploying an Endpoint Detection and Response (EDR) solutions.

“Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace,” the order read.

Ilia Kolochenko, CEO and founder at ImmuniWeb, told ITPro that while this is a laudable initiative, it will be hard to implement in such a short time.

“Many entities of the federal government still fall short of FISMA, enacted in 2014 and aimed to bolster cyber resilience of the US government. The current situation with the recently enacted Cybersecurity Maturity Model Certification (CMMC) - requisite to do business with the US DoD - is similarly complicated. Finally, the Cybersecurity Safety Review Board may face traditional challenges of interagency collaboration,” he said.

“From a practical viewpoint, merely adding a zero-trust model will unlikely solve the fundamental problems, such as lack of visibility or incomplete IT assets inventory, inconsistent security strategy or insufficient training and awareness for employees. Nonetheless, this Executive Order convincingly demonstrates that Joe Biden’s administration cares about cybersecurity and takes it seriously. Hopefully, the upcoming regulations will be also underpinned by additional budget allocations and other resources required to build a resilient information security program at the federal level.”

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Costa Rica declares state of emergency following Conti ransomware attack
ransomware

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
LinkedIn to pay $1.8 million to employees after settling gender discrimination charges
Careers & training

LinkedIn to pay $1.8 million to employees after settling gender discrimination charges

4 May 2022

Most Popular

Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022