President Biden’s New Executive Order: A Response to Cybersecurity
The internet has become an integral part of our everyday lives, from shopping to banking. But the convenience comes with a price: cybersecurity. It is no secret that cybersecurity in America has been a hot topic for the past few years.
With so many data breaches, hacks, and cyberattacks happening regularly, there is never a shortage of news about this important issue. The government and private companies have responded by ramping up their investments in cybersecurity to protect themselves from these threats.
Cyberattacks have led to financial losses, reputational damage, and data loss for the affected organizations. In response, President Biden signed the Executive Order on 12th May 2021. The EO is focused on improving the country’s cybersecurity landscape. Below are the main sections of President Biden’s executive order:
The Executive Order lays out precise directives to enhance the Federal Government’s commitment to detect, deter, identify, protect against, and respond to the actions of threat actors. It is dedicated to addressing the enormous threats targeting both the public and private sectors and, ultimately, the overall security and privacy of the entire U.S. population.
These extensive cybersecurity requirements for government suppliers and federal agencies require the Federal Government to bring the full range of its authorities and resources to bear to secure and protect its systems. The scope of protection and security must include systems that process data and those that run critical safety machinery.
President Biden’s government requires the Federal Government to make bold changes and significant investments to defend the vital institutions that define the American culture. It must lead by example and meet or exceed all the standards and requirements for cybersecurity as outlined by the EO.
Removing Barriers to Sharing Threat Information
Under this section, the Federal Government will collaborate with information and operational technology providers to evaluate the Federal Information System’s (FIS) daily functions. As a result, these providers have unique access to and insight into cyber threat and incident information on FIS.
However, before the execution of the EO, these providers were restricted from sharing such threat information with executive departments like the Cybersecurity and Infrastructure Security Agency (CISA).
Removing these barriers and escalating the sharing of information about such risks, incidents, and threats are necessary steps to speeding up incident deterrence, prevention, and response efforts. This will enable more effective defense of agencies’ systems and information collected, processed, and maintained by or for the Federal Government.
Modernizing Federal Government Cybersecurity
To keep pace with today’s dynamic and increasingly complicated cyber threat environment, the Federal Government must take steps to modernize its response to cybersecurity. This includes increasing the Federal Government’s visibility into attacks while protecting privacy and civil liberties.
The Federal Government must embrace security best practices, including advancing toward a zero trust architecture and accelerating the move to secure cloud services such as SaaS, IaaS and PaaS. It should also centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks. This will be achieved by investing in both technology and personnel to match these modernization goals.
Enhancing Software Supply Chain Security
The safety of software used by the Federal Government is crucial to its ability to perform critical functions. Unfortunately, commercial software development often lacks sufficient focus, transparency, and adequate controls to prevent tampering by malicious actors.
There is a need to put in place more rigorous and predictable mechanisms for ensuring that products function securely and as intended. As a result, agencies and sectors must provide input on the current measures and develop new tools and standards, along with the accompanying principles and procedures. This will be crucial in determining whether software underwent secure development and in improving the security structure.
Establishing a Cyber Safety Review Board
President Biden’s EO requires Homeland Security and the Attorney General to establish a Cyber Safety Review Board pursuant to section 871 of the Homeland Security Act of 2002. The board’s primary role will be making the necessary enhancements to incident response practices and overall system security by assessing and reviewing cyber incidents.
The Cyber Safety Review Board will comprise representatives of the private sector, the Department of Justice, the National Security Agency, the FBI, CISA, and the Department of Defense.
A Standardized Federal Government Cybersecurity Response Playbook
Under the current rules, different agencies use differing procedures to detect, address, and recover from cyber incidents and vulnerabilities. However, with the EO, organizations are required to develop a standardized response approach outlining the operating procedures that can centralize incident cataloging and progress tracking.
This standardized playbook incorporates all the National Institute of Standards and Technology (NIST) standards, providing the primary terms that ensure common acknowledgement and understanding of incidents and an agency’s overall cybersecurity status. It also highlights the right plans to respond to threats and attacks.
Improved Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks
Under the EO, the Federal Government shall employ all appropriate authorities and resources to maximize the early detection of cybersecurity incidents and vulnerabilities on its networks. The Federal Government will formulate an Endpoint Detection and Response (EDR) system to support early cybersecurity detection activities and practices focused on reducing exposure to adversaries.
Boosted Investigative and Remediation Capabilities by the Federal Government
Information from network and system logs on FIS is invaluable for both investigation and remediation purposes. As such, agencies and their IT service providers must collect and maintain such data. This means federal agencies and departments are subject to logging requirements intended to produce better responses to cyber incidents and threats.
National Security Systems
The final section of the EO requires the Secretary of Defense to work with the National Manager to come up with and issue a National Security Memorandum. It should cover the requirements, programs, and standards focused on the cybersecurity requirements highlighted in the EO.
The United States president, Joe Biden, has issued an Executive Order that will improve cybersecurity for all Americans. The EO is designed to curb cyberattacks and threats in our country, which have been increasing steadily over time; it also signals a clear intent from the administration to follow through on its objective of overhauling federal cyber defense and national security overall. By June 2021, these legislative changes outline how contractors should share information about potential attacks or breaches with other agencies so that they too can be prepared against future incidents.
To understand more about cybersecurity and how the EO works, contact Corptek Solutions. We offer managed IT support and help desk services to businesses across Fort Worth and Dallas.