On May 12, 2021, President Biden signed the Executive Order on Improving the Nation’s Cyber Security in an effort to protect the federal government’s networks. The Executive Order mandates new Federal Cyber Security Standards for both federal agencies and the software vendors that supply them. The Executive Order is a response to the recent uptick in destructive cyberattacks affecting major U.S. operations. The most notable events include the cyber-attack on the SolarWinds software company, a foreign cyberespionage campaign involving several federal agencies, and the recent shutdown of the Colonial Pipeline, which caused gas shortages throughout the Southeast.
Several months in the making, the Executive Order is a specific call to action for securing federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the Government’s ability to respond to incidents when they occur. Specifically, the Executive Order focuses on:
- Enabling More Threat Information Sharing Between Federal Agencies and IT Service Providers. Contractual barriers that restrict IT Service Providers’ ability to share threat information with the U.S. Government will be lifted. In addition, providers will be required to share breach information that could impact federal agencies’ networks.
- Establish a Cyber Security Safety Review Board. The board will be co-chaired by government and private sector leaders and will review significant cyber-attacks and provide lessons learned and recommendations on how to enhance cyber security.
- Upgrading and Strengthening the Federal Government’s Cyber Security Standards by requiring zero-trust security models, multifactor authentication, and time-sensitive encryption.
- Enhance Investigation and Remediation Capabilities. The Executive Order establishes cyber security event log requirements for all federal agencies, with documented remediation efforts required.
- Standardize Incident Response Plans. All federal departments and agencies must follow a standardized cyber incident response plan with a standard set of definitions and a standard escalation process. The goal is to elevate all federal government agencies to a standard cyber security incident response maturity level. Agencies no longer have the luxury of waiting until they’ve been compromised to determine a response plan.
- Enhance Security in the Software Supply Chain. The Executive Order baselines security standards for the development of software sold to federal agencies. Developers will be required to maintain greater transparency into their software development and to make the security data publicly available. Specifically, a pilot program will be launched where the public at large can quickly determine if the software was securely developed.
- Improve Detection of Cyber Security Incidents. All government networks must have the ability to detect malicious cyber activity by enabling a government-wide endpoint detection and response system with improved information sharing among various agencies. The government is seeking to become a leader in Endpoint Detection and Response (EDR) deployment.
All of these facets are to be consolidated into a federal ‘playbook’ by CISA Director Brandon Wales, working with the Secretary of Homeland Security and in consultation with other high-level security officials. The playbook will outline all cyber security standards, name the intended users of the standards, and continually update progress regarding incident response results.