Biden bolsters nation’s cyber security defenses by executive order

The order also gives law enforcement better lines of communication with service providers

President Biden has signed an executive order to increase the US’s defenses against cyber attacks and provide better lines of communication between law enforcement and service providers to enhance investigations.

The order follows several cyber attacks on the US government and American firms, including the SolarWinds supply chain attack and the recent ransomware attacks on the Colonial pipeline.

According to the Executive Order on Improving the Nation's Cybersecurity, incremental improvements would not give the country the security it needs, and this means the government would need to make “bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.”

The order will require IT (information technology) and OT (operational technology) service providers to share cyber security threat information with the government. It will also implement more robust cybersecurity standards in the federal government.

Federal agencies will also have to implement multifactor authentication to their systems and encrypt all data in the next 180 days and deploy a zero-trust security architecture.

Supply chain security is to be upgraded by establishing guidelines and best practices to audit software in the supply chain to ensure it hasn’t been tampered with by hackers. A pilot for a new Energy Star-style security rating for software sold to the government will also be launched.

The order also creates a cyber security safety review board to review and assess significant cyber security incidents and make recommendations to the government.

It will also establish a standardized playbook across all federal agencies on how to respond to breaches and cyber attacks.

The final order will help improve detection and remediation of cyber security vulnerabilities and incidents on government networks by deploying an Endpoint Detection and Response (EDR) solutions.

“Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace,” the order read.

Ilia Kolochenko, CEO and founder at ImmuniWeb, told ITPro that while this is a laudable initiative, it will be hard to implement in such a short time.

“Many entities of the federal government still fall short of FISMA, enacted in 2014 and aimed to bolster cyber resilience of the US government. The current situation with the recently enacted Cybersecurity Maturity Model Certification (CMMC) - requisite to do business with the US DoD - is similarly complicated. Finally, the Cybersecurity Safety Review Board may face traditional challenges of interagency collaboration,” he said.

“From a practical viewpoint, merely adding a zero-trust model will unlikely solve the fundamental problems, such as lack of visibility or incomplete IT assets inventory, inconsistent security strategy or insufficient training and awareness for employees. Nonetheless, this Executive Order convincingly demonstrates that Joe Biden’s administration cares about cybersecurity and takes it seriously. Hopefully, the upcoming regulations will be also underpinned by additional budget allocations and other resources required to build a resilient information security program at the federal level.”

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Recommended

Marsh McLennan reveals its cyber risk analytics center
risk management

Marsh McLennan reveals its cyber risk analytics center

15 Oct 2021
30 countries announce crackdown on ransomware payments
ransomware

30 countries announce crackdown on ransomware payments

15 Oct 2021
£100 contactless payment limit could place shoppers at risk, warn industry experts
Policy & legislation

£100 contactless payment limit could place shoppers at risk, warn industry experts

15 Oct 2021
Hackers used MSHTML exploit a week before patches were ready
zero-day exploit

Hackers used MSHTML exploit a week before patches were ready

14 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Cleaning up legacy IT to drag big tobacco into the future
digital transformation

Cleaning up legacy IT to drag big tobacco into the future

12 Oct 2021