On May 12th, 2021, President Biden released the “Executive Order on Improving the Nation’s Cybersecurity”. Its primary goal is to secure our national digital landscape. What we’re seeing is an overdue, full-force reaction to the threats to cybersecurity and operational infrastructure.
This order is primed for success because of the growing number and impact of cyberattacks targeting the US government and critical infrastructure. The size and scope of the document suggest that it has been in the works for some time. It is a lot to read, and it can be hard to discern how the digital community will be required to respond to it, so we will break it down.
Much of the document is a delegation of assignments to discover the gaps in our nation’s security implementations. It also calls upon the vast array of governmental agencies to remove barriers to sharing threat information with one another when breaches occur, malware spreads, or data is distributed without authorization.
This is a watershed moment for cybersecurity because federal agencies are now required to implement multi-factor authentication (MFA) across their IT environment. In terms of cybersecurity protection, MFA provides the best bang for the buck. It’s only a matter of time before this requirement makes it down to the financial services and the payments industry as well as other critical infrastructure sectors.
Another focus area is the risk posed by third parties. Most of these attacks have found their way into government agencies through insecure third parties. This executive order requires all third parties working with the federal government to strictly adhere to these basic, yet powerful, guidelines or risk losing their contracts and being blacklisted.
Software vendors will now be responsible for adhering to strict security and development guidelines if they wish to continue to supply technology to government agencies. These guidelines include:
- Disclosing how much open-source code is used in their products.
- Government entities creating lists of software that is integral to their functions, so that it can be examined and cleared for use.
- Software providers being asked to house their coding divisions separately in secure buildings.
- Maintaining a ‘provenance’ record for all code that is utilized but was not written in-house.
- Providing purchasers a Software Bill of Materials (SBOM) for each product.
Other notable items of the order include:
- Modernizing Federal Government Cybersecurity.
- Advancing towards a Zero Trust Security Model.
- Centralizing cybersecurity data and analytics for quickly identifying breaches.
- Enhancing Software Supply Chain Security.
- Establishing a Cyber Safety Review Board.
- Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks.
- Improving the Federal Government’s Investigative and Remediation Capabilities.
XYPRO, and many other cybersecurity firms, have been advocating for years for government and regulatory oversight to prevent incidents such as the SolarWinds, Microsoft Exchange and Colonial ransomware attacks, along with so many other unpublicized attacks. Biden’s new executive order seeks to pull back-burner issues into the spotlight to ensure the necessary focus and resources are available at the federal level to address cybersecurity threats. This much-needed government oversight of technology and cybersecurity is intended to ensure all government contractors and vendors comply with basic cybersecurity principles such as Multi-Factor Authentication, Incident Response and threat detection, or face being blacklisted.
XYPRO provides security solutions that ensure financial services, payment processors, and other critical infrastructure business sectors are properly secured and actively monitored for security threats. Utilize XYPRO’s services and support to achieve full compliance with these coming directives so your business is primed and ready to meet these tighter security objectives.