Biden bolsters nation’s cyber security defenses by executive order

The order also gives law enforcement better lines of communication with service providers

President Joe Biden and Vice President Kamala Harris

President Biden has signed an executive order to increase the US’s defenses against cyber attacks and provide better lines of communication between law enforcement and service providers to enhance investigations.

The order follows several cyber attacks on the US government and American firms, including the SolarWinds supply chain attack and the recent ransomware attacks on the Colonial pipeline.

According to the Executive Order on Improving the Nation's Cybersecurity, incremental improvements would not give the country the security it needs, and this means the government would need to make “bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.”

The order will require IT (information technology) and OT (operational technology) service providers to share cyber security threat information with the government. It will also implement more robust cybersecurity standards in the federal government.

Federal agencies will also have to implement multifactor authentication to their systems and encrypt all data in the next 180 days and deploy a zero-trust security architecture.

Supply chain security is to be upgraded by establishing guidelines and best practices to audit software in the supply chain to ensure it hasn’t been tampered with by hackers. A pilot for a new Energy Star-style security rating for software sold to the government will also be launched.

The order also creates a cyber security safety review board to review and assess significant cyber security incidents and make recommendations to the government.

It will also establish a standardized playbook across all federal agencies on how to respond to breaches and cyber attacks.

The final order will help improve detection and remediation of cyber security vulnerabilities and incidents on government networks by deploying an Endpoint Detection and Response (EDR) solutions.

“Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace,” the order read.

Ilia Kolochenko, CEO and founder at ImmuniWeb, told ITPro that while this is a laudable initiative, it will be hard to implement in such a short time.

“Many entities of the federal government still fall short of FISMA, enacted in 2014 and aimed to bolster cyber resilience of the US government. The current situation with the recently enacted Cybersecurity Maturity Model Certification (CMMC) - requisite to do business with the US DoD - is similarly complicated. Finally, the Cybersecurity Safety Review Board may face traditional challenges of interagency collaboration,” he said.

“From a practical viewpoint, merely adding a zero-trust model will unlikely solve the fundamental problems, such as lack of visibility or incomplete IT assets inventory, inconsistent security strategy or insufficient training and awareness for employees. Nonetheless, this Executive Order convincingly demonstrates that Joe Biden’s administration cares about cybersecurity and takes it seriously. Hopefully, the upcoming regulations will be also underpinned by additional budget allocations and other resources required to build a resilient information security program at the federal level.”

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021
New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Senator questions Amazon and Google’s smart home devices
Internet of Things (IoT)

Senator questions Amazon and Google’s smart home devices

23 Jun 2021

Most Popular

Best paying tech jobs of 2021
Careers & training

Best paying tech jobs of 2021

7 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
Mythic launches power-sipping AI chip
Hardware

Mythic launches power-sipping AI chip

8 Jun 2021