The United States White House issued an executive order to improve the nation's cybersecurity. There are some very interesting parts to this order. The entire order can be found HERE. Section 1 provides an executive summary regarding why this order was issued. That section states the following:
“The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors. The Federal Government must also carefully examine what occurred during any major cyber incident and apply lessons learned. But cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace. In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.
Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life. The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid. The scope of protection and security must include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT)).
It is the policy of my Administration that the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security. The Federal Government must lead by example. All Federal Information Systems should meet or exceed the standards and requirements for cybersecurity set forth in and issued pursuant to this order.”
Some key points I found interesting were the following:
- Removing Barriers to Sharing Threat Information – This part of the order provides details around how threat-information sharing will be improved between agencies and vendors. It's great that this is being brought up, as the US government has been notorious for lacking the ability to collaborate and share threat intelligence.
- Modernizing Federal Government Cybersecurity – The order calls out the need for a zero trust architecture as well as other improvements including training and more modern technology. Good!
- Enhancing Software Supply Chain Security – This one is interesting and a direct response to the recent SolarWinds supply chain attack. Many organizations have been spooked by the threat of supply chain attacks, and this new executive order calls out a focus on reducing supply chain attack risk.
- Establishing a Cyber Safety Review Board – The language states that a cyber safety review board will be developed, but its focus isn't yet defined. I'm guessing that once this board is developed, they will define their value and purpose within their mission statement, but for now it just looks like a cyber-focused review board will be developed. More to come on how this impacts the US government's cyber posture.
- Standardizing the Federal Government's Playbook for Responding to Cybersecurity Vulnerabilities and Incidents – I was happy to see this included. Playbooks are a means of maturing a security operations center's capabilities, including the ability to develop orchestration and automation. It's great to see the concept of playbooks for vulnerability management and incident response being pushed.
- Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks – Detection is a point of focus, which creates a need for scanning and assessment services as well as technology. This order calls out requirements for endpoint detection and response (EDR) technology, which is a common need for threat hunting. There will be threat detection vendors fighting over meeting these requirements.
- Improving the Federal Government's Investigative and Remediation Capabilities – The order calls out specifics for log retention, leading to improvements in SIEM/SOAR/XDR practices. Data retention requirements will be adjusted, including how logs are stored as well as how they are encrypted.
In summary, the US government is stepping up its cybersecurity requirements, which will lead to a ton of new vendor contracts and job opportunities within the public sector. Hopefully these actions will be taken seriously and happen quickly, as many of these items have been needed to reduce the risk of a major cyber breach within the US government.