Executive Order on Improving the Nation’s Cybersecurity
President Biden has recently issued the “Executive Order on Improving the Nation’s Cybersecurity”, which requires government agencies to present plans for implementing a Zero Trust architecture, imposes stringent standards for threat sharing on government contractors and agencies alike, requires software vendors to show a Software Bill of Materials to demonstrate the security of their products, and seeks broad modernization of the Federal government’s cybersecurity posture.
These measures are essential, especially in the wake of the recent Colonial Pipeline intrusion, an inept but ominous attack on a water treatment plant, and the highly sophisticated “Sunburst” hack that affected private industry and public sector organizations, even including cybersecurity firms.
The Zero Trust mandate is particularly relevant. This concept, which is based on the sober-minded acknowledgment that intrusion is inevitable, has seen an enormous uptick in interest recently. It is time to re-think our defenses from the ground up, focusing on rapid and automated response, placing defenses as close to the target as possible, and focusing on mitigation as much as prevention.
Zero Trust, and the other measures in this Executive Order are essential for improving America’s cybersecurity. Executive Orders, however, do not always yield their intended result. Broad scope entails a commensurate budget, which is often lacking, and practical difficulties delay and undercut even the best of plans.
I hope agencies and contractors can meet the ambitious goals of this mandate. If so, we will have improved our nation’s security -- perhaps I will be able to put some gas in my car.