The Executive Order on Improving Cybersecurity: Key Takeaways for MSPs

Ransomware attacks are not only growing in number, but they are also targeting an increasing number of critical companies and operations. Several municipal governments and hospital systems were hit with attacks during the past several years: The recent Colonial Pipeline attack (which caused fuel shortages and price spikes in some areas of the United States), the health service in Ireland, the Massachusetts Steamship Authority and other entities have drawn attention to just how vulnerable key pieces of infrastructure are to cyberattacks.

The Colonial attack is instructive (and typical): Hackers launched the attack via a compromised password to a disused virtual private network (VPN) account that wasn’t protected by multi-factor authentication.

The White House issued an Executive Order on Improving the Nation’s Cybersecurity in May. The order focuses on beefing up cybersecurity standards, with a specific focus on zero-trust architecture solutions. That could open up some new opportunities for security-centric MSPs, provided they have the right solution set in place.

Urgent Security Initiatives

According to the executive order:

“Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments to defend the vital institutions that underpin the American way of life. The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid.”

The order further outlines several focus areas:

• Removing barriers to sharing threat information between the public and private sectors. Service providers will be required to share threat and incident information with agencies.
• Leveraging zero-trust architecture to modernize and strengthen cybersecurity. The order also will help accelerate the shift among federal agencies to cloud security services, including SaaS, IaaS and PaaS. The order further calls for federal agencies to centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks and invest in technology and personnel to match these modernization goals.
• Establishing baseline security standards for software used by government agencies. Software vendors will be required to provide security data visibility.
• Establishing a standard playbook for cyber incident response within 120 days of the order. According to the order: “The cybersecurity vulnerability and incident response procedures currently used to identify, remediate, and recover from vulnerabilities and incidents affecting their systems vary across agencies, hindering the ability of lead agencies to analyze vulnerabilities and incidents more comprehensively across agencies.”
• Improving cyberthreat detection, investigation, and remediation processes by establishing an Endpoint Detection and Response (EDR) initiative. Recommendations for the initiative are expected within 30 days, with requirements issued 90 days later.

Within 60 days of the executive order, the head of each federal agency was expected to develop a plan to implement a zero-trust architecture. The migration to cloud technology will be required to follow a zero-trust methodology (as far as is practical).

While the impact of the executive order could take a while to affect the market for security solutions, it lays out an accelerated timeline and could help encourage other industries to adopt similar measures.

The fact that the Colonial attack occurred via an exposed VPN connection should serve as a reminder that remote access approaches need to evolve–particularly given the increased reliance on remote work that