Though lacking in definitional clarity, this new executive order might be more effective than past federal efforts, especially in the wake of the Colonial Pipeline attack.
Capping a dramatic week that saw major oil pipeline provider Colonial Pipeline crippled by a ransomware attack, the Biden administration released a highly anticipated, far-reaching and complex Executive Order on Improving the Nation’s Cybersecurity. The executive order (EO) aims to chart a “new course to improve the nation’s cybersecurity and protect federal government networks.”
The ambitious document uses the SolarWinds and Microsoft Exchange supply chain hacks and the Colonial Pipeline ransomware infection as springboards for a series of initiatives that aim to minimize the frequency and impact of these kinds of incidents. These initiatives are:
- Remove barriers to threat information sharing between government and the private sector, particularly ensuring that IT service providers can share security breach information with the federal government.
- Modernize and implement stronger cybersecurity standards in the federal government, including a move to cloud services and zero-trust architectures, and mandates for multi-factor authentication (MFA) and encryption.
- Improve software supply chain security, including baseline security standards for the development of software sold to the government. The Commerce Department must publish minimum elements for a software bill of materials (SBOM) that traces the individual components that make up a piece of software.
- Establish a cybersecurity safety review board consisting of government and private sector experts who convene following a significant cybersecurity incident to make recommendations, much like the National Transportation Safety Board (NTSB) does in the aftermath of a major transportation accident.
- Create a standard playbook for responding to incidents, so that all federal agencies follow the same playbook and use a common set of definitions for incident response.
- Improve detection of cybersecurity incidents on federal government networks by enabling a government-wide endpoint detection and response (EDR) system and improved information sharing within the federal government.
- Improve investigative and remediation capabilities by creating cybersecurity event log requirements for all federal agencies.
This article appeared in CSO Online, where the rest of the article can be read.