The executive order establishes a cybersecurity safety review board.

Edward Gately, Senior News Editor

May 14, 2021

4 Min Read
Presidential Seal
Shutterstock

President Biden this week signed an executive order to strengthen U.S. cybersecurity defenses. The move follows a series of major cyberattacks on private companies and federal government networks over the past year.

The most recent headline-grabbing cyberattack was on Colonial Pipeline. The attack pushed gas prices higher and disrupted supply in the eastern United States. According to Bloomberg, Colonial Pipeline paid nearly $5 million in ransom to the Darkside ransomware group.

In its latest statement, Colonial Pipeline said it has restarted its entire pipeline system and that product delivery has begun to all markets it serves.

Executive Order Details

Biden’s executive order will:

  • Remove barriers to threat information sharing between the government and the private sector.

  • Modernize and implement stronger cybersecurity standards in the federal government.

  • Improve software supply chain security.

  • Establish a cybersecurity safety review board.

  • Create a standard playbook for responding to cyber incidents.

  • Improve detection of cybersecurity incidents on federal government networks.

  • Improve investigative and remediation capabilities.

Welcomed Improvement

Garret Grajek is CEO of YouAttest. He said the executive order is a “welcomed improvement.”

Grajek-Garret_YouAttest.jpg

YouAttest’s Garret Grajek

“Of course, in a free world and free internet, the U.S. government does not own or control the traffic that goes across as a nation, the way China does,” he said. “To counter this lack of centralized control, communication sharing is paramount. And the executive order includes a provision to create a new national cybersecurity safety review board. Modeled after the National Transportation Safety Board, [it’s] an intelligent move toward this goal.”

It’s also important to note that none of the actions are forcing changes in private entities, Grajek said. They instead are focused on strengthening the practices and responses of federal government systems, while providing a response plan to major attacks like the Colonial Pipeline hack.

Tim Wade is technical director of Vectra‘s CTO team.

Wade-Tim_Vectra.jpg“I applaud Biden’s choice of promoting the threats to the privacy of the American people as a first order concern central to this executive order,” he said. “Privacy is itself a form of security — security against the erosion of opportunities for an individual to enjoy fairness, liberty and equality before the law and our society at large. As we forge ahead toward the much-needed partnership between federal and private sectors, we will do well to remember that the preservation of individual privacy is among our chief pursuits.”

Supply Chains Too Trusted

Sounil Yu is JupiterOne‘s CISO.

Yu-Sounil_JupiterOne.jpg

JupiterOne’s Sounil Yu

“Part of our problem around supply chains is that we trust in them too much,” he said. “The executive order mentions moving to a zero-trust architecture many times. But it is applied primarily to things like networks and endpoints. We need to take this approach for our supply chains as well. Currently, the standard of practice is to send vendors long questionnaires and occasionally ask for evidence associated with their answers. We trust that those answers are correct and that the vendor is actually performing the security activities that they attested to.”

Zero trust should also apply to vendors, Yu said.

“The reason that we need things like a software bill of materials (SBOM) is because we can’t trust our supply chain and thus we need more of it to be transparent,” he said. “SBOM is one way to get that transparency and start moving toward a zero-trust approach for software supply chains.”

Banda-Stephen_Lookout.jpg

Lookout’s Stephen Banda

Stephen Banda is Lookout‘s senior manager of security solutions. He also said the executive order is a major step in the right direction for strengthening U.S. cyber defenses. That’s because it removes barriers to collaboration around cyberthreats, which is essential for effective cyber response.

“It’s encouraging to see cloud security, endpoint detection and response (EDR), and active threat hunting on government networks as important components of the executive order,” he said. “The executive order is also pushing to improve the security of software sold to the government, including by making developers share certain security data publicly. The government is using its buying power to demand improved software security standards by the private sector. In nine months, the federal government will only buy from companies that have met these newly developed software security standards.”

Read more about:

MSPsVARs/SIs

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like