In the wake of recent cybersecurity incidents, notably SolarWinds, Microsoft Exchange, and Colonial Pipeline, President Biden signed an executive order aimed at improving the nation's cybersecurity posture.
Here are the highlights:
Remove Barriers to Threat Information Sharing Between Government and the Private Sector. The Executive Order ensures that IT Service Providers are able to share information with the government and requires them to share certain breach information.
Modernize and Implement Stronger Cybersecurity Standards in the Federal Government. The Executive Order helps move the Federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption with a specific time period. The Federal government must increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.
Improve Software Supply Chain Security. The Executive Order will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available. It stands up a concurrent public-private process to develop new and innovative approaches to secure software development and uses the power of Federal procurement to incentivize the market. Finally, it creates a pilot program to create an “energy star” type of label so the government – and the public at large – can quickly determine whether software was developed securely.
Establish a Cybersecurity Safety Review Board. The Executive Order establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity.
Create a Standard Playbook for Responding to Cyber Incidents. The Executive Order creates a standardized playbook and set of definitions for cyber incident response by federal departments and agencies. The playbook will ensure all Federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat. The playbook will also provide the private sector with a template for its response efforts.
Improve Detection of Cybersecurity Incidents on Federal Government Networks. The Executive Order improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government.
Improve Investigative and Remediation Capabilities. The Executive Order creates cybersecurity event log requirements for federal departments and agencies.