Biden Administration Signs Comprehensive Cybersecurity Executive Order
Published on May 13, 2021
- The Biden Administration has signed an executive order to push for the adoption of stronger cybersecurity measures.
- The order calls for more transparency, central response, openness in the disclosure of key information, and MFA everywhere.
- These are measures that should have been implemented a long time ago, but it’s better late than never.
In the wake of the ransomware attack on the Colonial Pipeline that has threatened to create a fuel (and by extension economic) crisis in the United States, the Biden administration has signed an executive order to strengthen the cybersecurity posture of the nation’s most critical agencies and networks.
Previously, Biden took a more incremental approach. However, the recent ransomware attack made it clear that things need to move faster and more decisively if the United States wishes to protect against hackers, be it state actors or financially motivated gangs.
Here are the main points of the newly signed executive order:
- Remove Barriers to Threat Information Sharing Between Government and the Private Sector.
- Modernize and Implement Stronger Cybersecurity Standards in the Federal Government.
- Improve Software Supply Chain Security.
- Establish a Cybersecurity Safety Review Board.
- Create a Standard Playbook for Responding to Cyber Incidents.
- Improve Detection of Cybersecurity Incidents on Federal Government Networks.
- Improve Investigative and Remediation Capabilities.
These are all things that have been under discussion for years and elements that the infosec community has been highlighted again and again. The order hasn’t been hastily put together, though. It was actually in preparation for weeks now, and it just happened that it coincided with the DarkSide ransomware incident - and maybe it was a bit sped up in its pushing.
So, all in all, the information-sharing barriers between key entities in the country will be lifted, and endpoint detection and response mechanisms will now be controlled centrally. Moreover, the vendors of software used by government entities will be more open to sharing key information with the public, instead of keeping everything secret on the excuse of protecting patents and technological advantages.
All federal government networks and users will now use MFA to access cloud services, and all sensitive data will be stored encrypted. And finally, promoting good practices and developing recommendations to defend against a dynamically changing threat landscape will be the job of a safety review board consisting of experts in the field.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular