Federal Executive Order on Cybersecurity For United States National Security by New Dispensation
As the digital world expands and permeates every area of our existence, so does the threat of cyber crime increase rapidly.
Every piece of personal and national information is digitally preserved in this age, making cybersecurity an important area of government action and jurisdiction.
The US has recently been rattled by repeated massive breaching incidents which has left critical national information vulnerable and exposed.
Multiple cybercrime incidents have occurred in the first six months of 2021, the most notable among them being the Colonial Pipeline incident and the SolarWinds incident.
In the Colonial Pipeline incident, DarkSide ransomware attack resulted in the complete shutdown of the massive fuel supply pipeline covering a distance from Texas to New Jersey.
It could only be resolved after the payment of over 5 million to the hackers. The SolarWinds attack was also a massive blow to the US security system
The hackers targeted an IT management software named Orion supplied to the Federal government by SolarWinds, a Texas based Company.
Needless to say, these attacks have been putting national security at an incredible risk.
They have greatly exposed the cracks in the US cybersecurity infrastructure which has led to a public demand on how America will improve cybersecurity and strengthen its digital security systems of both government and corporate organizations.
US President Biden Cybersecurity Executive Orders 2021
In response to these massive security issues, the Biden government signed an Executive Order (EO) on May 12, 2021.
The the presidential executive order on cybersecurity revealed the several directive measures that the Government has planned to implement to ensure a robust digital security system that would protect government and corporate data from being exposed to cyber criminals.
What is unique about these new sets of government directives is bringing the private sector into the ambit of the latest security measures.
We have prepared a detailed list of all the necessary steps that the US Government plans on undertaking as per the new white house Executive order dated May 12, 2021.
Smoothening the Process of Breach Information Sharing between the Public and Private sector :
One major issue preventing a strong digital security network and quick action in case of breaches has always been the lack of proper communication between the government and the corporate sector.
The directive stated that IT service providers, cloud service providers and software companies would now be enabled and required to share any relevant information regarding data security and digital breach with the government.
It has been observed that certain contractual obligations may sometimes prevent IT service providers and software companies from providing the public sector with necessary threat information.
The new directive has called for the dissolution of any such contracts. It requires the private sector to inform the Government of any security threats that might be detrimental to federal networks and critical infrastructure.
The order mentions specific types of IT service providers across the country mandating requirements for them. It also includes a deadline of 120 days.
The Secretary of Homeland security and the Director of OMB must take the necessary steps that enable all service providers to share critical information with the State.
Such information sharing would allow fast and effective actions against the crime by the national defense system.
Software Supply Chain Security to be improved :
This new directive also includes important steps related to the security of software bought by the government.
It calls for establishing some fundamental security standards that the software has to meet before it can be sold to the government.
The government recognizes that buying critical software with inherent security problems has been a major issue for years allowing criminals to easily manipulate the software.
It proposes to solve this problem by using the government’s purchasing power to ensure that the market produces more secure and high-quality software.
In other words, robust digital security requirements would now be an integral part of the purchasing contracts of software.
Another important step is the requirement of the government to make software security data available to the public and the government by the developers.
The government acknowledges the public’s right to the cybersecurity information of the software which will often preserve critical personal and national data with this step.
To streamline this process, the directive has ordered a label similar to the energy star which allows both the government and the public to easily identify whether a particular software was created along the required cybersecurity guidelines.
A US Cybersecurity Safety Review Board to be established :
The executive order has mandated establishing a new organization called the Cybersecurity Safety Review Board.
Headed by both government and private sector representatives, this Review Board will play a crucial role in the aftermath of any security breach incidents.
It will conduct a thorough analysis of the digital breach by ensuring smooth communication between the public and private sectors, identifying the root cause, infrastructural problems and ultimately forming solid recommendations and guidelines to prevent similar security threats.
It is observed that in the past, the lack of such a Review Board system has been a major issue – organizations have been unable to prevent or take action even against security breaches with similar patterns leading to repeated cybercrime incidents.
It is hoped that this initiative will enable quick steps and recommend essential improvements to reduce security breaches greatly. It is important to note that this organization will work similarly to the National Transportation Safety Board.
Their workings have massively reduced airplane crashes and other transport accidents or issues.
Creation of a basic response guideline to Cyber Threats:
The repeated cybersecurity threats and breaches over the years have revealed a great lack of any standardized set of guidelines when it comes to responding to cyber attacks.
Organizations, both public and private, are often at a loss regarding the necessary steps to be taken during a security breach incident.
Too often, the organizations recognize the indications of a coming security threat, however by the time they devise a plan to respond to that threat, the breach already occurs.
This new Executive order has mandated creating a playbook with standardized definitions and guidelines for Government cybersecurity response. It is to be followed by both the government and the private sector.
It is hoped that having a standard set of response guidelines will allow all Federal agencies and the private sector to take quick and uniform action to identify and prevent cybersecurity threats.
In other words, the measure will help remove the varying levels of maturity with regards to threat response both within the government agencies and private organizations.
Implementing Modern and Robust Standards for Cybersecurity within the Government:
The government recognizes that much of the security breaches and cyberattacks result from exploitation by hackers of old and outdated security models that the Government has been using for years.
Even as technology is progressing every day and novel security systems are being developed, the government has failed to upgrade its security systems accordingly.
This new Executive order takes important measures to correct this lack and modernize the standards for cybersecurity within the government.
It requires the Federal Government to implement a zero-trust model when it comes to devising security systems.
Henceforth, the various Federal agencies will be required to include multi-factor authentication and strong data encryption to enhance data and information security.
The government must ensure the best possible security measures available and encourage processes of development of new and innovative security models.
With the Federal government leading the way in enhancing their security systems, it is anticipated that the private sector will also follow.
Therefore, the Executive order ensures the strengthening of existing security infrastructure by adopting the most recent and modern models.
New and Improved systems for Effective Detection of Cyber Threats:
Till now, quick and effective detection of cybersecurity breaches has remained a leading problem in rapid resolution of the threat. Delay in detection of malicious attacks often leads to increased damage which in turn leads to a delay in resolution.
The new directive has enabled a system of government-wide endpoint detection and response.
This, along with an improved information sharing process within the government networks will ensure effective and smooth detection of any breach activity.
Threat information sharing within the government will also allow regular upgradation of security models following recommendations by various agencies.
This new stress on Government-wide Endpoint Detection and Response (EDR) and information sharing will minimize security threats and also encourage the private sector in threat information sharing.
Quick detection and immediate action is the key to the elimination of cybersecurity incidents and this measure ensures just that.
Measures to improve mitigation and investigation of cybersecurity incidents:
While recognizing the need for implementing new and advanced security models to prevent security breaches, the Executive order also mandates the keeping of consistent logs regarding all data and information security.
It has often been observed that regular logging practices can go a long way in quick and easy detection of cybersecurity incidents.
Keeping event logs also helps carry out a comprehensive and informed cybercrime investigation process – it is essential in identifying the extent of damage and the full range of the attack.
So, the Executive order stresses the continuation of dated but efficient practices like keeping logs alongside modernization of security systems.
The New Directive in a Nutshell:
These are the various cybersecurity measures that the US government has undertaken through its new Executive order as of May 12.
A quick readthrough of the details of the multiple steps indicate that the government is indeed concerned about the constant cybersecurity threats that the country has been facing in recent years.
The bridging of the private-public gap in threat information sharing is an ingenious measure as miscommunication has often led to larger and more extensive cybersecurity issues in the past.
Centralizing the analysis of security incidents in a Review board will be a great way to effectively detect security infrastructural measures.
The government’s recognition of the effectiveness of modern security methods over dated ones is also something that deserves appreciation.
This will lead to more funding in the research and development of innovative security tools and raise awareness regarding robust security models.
It can be hoped that this measure will also lead to the private sector’s adoption of modern security systems.
The government’s acknowledgement of the public right to knowledge of the security systems in various software is also praiseworthy, it shows a respect for the public and their role in the society.
By requiring the software developers to divulge all information regarding the security of the software and announcing the buying only of software that follows certain guidelines, the Federal government has made sure that the software development market operates in a way favourable to national security!
The new executive order has further attempted to devise extensive government – wide response systems to ensure early detection and elimination of all cyberthreats.
It appears that the US Federal Government is leading the way when it comes to dealing with cybersecurity issues.
So there you have it. All the discussions regarding the new Executive order by the US Federal Government on media might seem confusing.
This detailed article will enable the reader to easily comprehend all the necessary information about the new directive.
We have not only included the basic measures that the command claims to undertake, but have also addressed each measure in detail, sketching out how it may help in reducing the increasing cyber threats.
The question that the readers may have at the end of this discussion is – has the Biden government solved the problem of cybersecurity plaguing the nation for years? Well, the short answer is, it is too soon to tell.
However, it can be confidently said that this directive is the right way to go. As we noted at the beginning of this discussion, the recent security threats have outlined the fault lines in the US cybersecurity infrastructure.
The threats have in fact been so great that they have caused diplomatic troubles between the US and the Russian government, given that the recent threats were done by Russian hackers.
The colonial Pipeline attacks have also caused internal problems leading to hikes in the price of fuel.
So needless to say, such a strong directive was a need of the times. It has provided the citizens with hope and allowed them to feel a little bit safer about the digital world.
Whether the directive can live up to its claims and build a better and secure cyberspace is something that will be determined by time.