On May 12th, 2021, President Biden signed the “Executive Order on Improving the Nation’s Cybersecurity” (EO 14028). Its primary goal is to secure the nation’s digital landscape, and it reads as an overdue, full-force reaction to the threats facing cybersecurity and operational infrastructure.
The order is primed for success because of the growing number and impact of cyberattacks targeting the US government and critical infrastructure. Its size and scope suggest it had been in the works for some time. It is a lot to read, and it can be hard to discern how the digital community will be required to respond to it, so we will break it down.
Much of the document delegates assignments to discover the gaps in the nation’s security implementations. It also calls upon the vast array of governmental agencies, and the IT service providers that work with them, to remove the barriers that keep them from sharing threat information with one another when breaches occur, malware is found, or data is exfiltrated.
This is a watershed moment for cybersecurity because federal agencies are now required to adopt multi-factor authentication (MFA) across their IT environments, along with encryption for data at rest and in transit. In terms of cybersecurity protection, MFA provides the best bang for the buck. It is only a matter of time before this requirement reaches financial services and the payments industry as well as other critical infrastructure sectors.
Another focus area is the risk posed by third parties. Many of these attacks have found their way into government agencies through insecure third parties. The executive order requires third parties working with the federal government to adhere to these basic, yet powerful, guidelines or risk losing their contracts and being excluded from federal procurement.
Software vendors will now be responsible for adhering to strict security and development guidelines if they wish to continue supplying technology to government agencies. The order directs NIST to publish the detailed guidance, but the headline requirements include:
- Attesting, to the extent practicable, to the integrity and provenance of any open-source code used in their products
- Building software in administratively separate build environments (the order asks for separate build environments, not separate buildings)
- Maintaining accurate, up-to-date provenance (origin) data on all code and components that were not written in-house
- Providing the purchaser a Software Bill of Materials (SBOM) for each product, either directly or by publishing it on a public website
On the government side, agencies will have to identify the software that is critical to their functions so that it can be examined and cleared for use.
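The SBOM and provenance items above only help a purchaser who actually checks what arrives. As an added example (not part of the executive order or of XYPRO's products), the script below reads a CycloneDX JSON SBOM and flags every component that lacks a name, a version, a package URL (purl) identifying its origin, or a cryptographic hash of the artifact. The SBOM embedded in the script is a constructed sample; its component names and hash values are illustrative only.

```python
"""Consumer-side check of a CycloneDX SBOM (JSON).

Added example. The SBOM below is a constructed sample, not a real product's
bill of materials. The check flags components whose provenance cannot be
verified: no declared version, no package URL (purl), or no artifact hash.
"""
import json

# Constructed sample SBOM in CycloneDX 1.4 JSON format (illustrative data only).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "metadata": {
        "component": {"type": "application", "name": "example-app", "version": "2.3.0"}
    },
    "components": [
        {
            "type": "library",
            "name": "requests",
            "version": "2.31.0",
            "purl": "pkg:pypi/requests@2.31.0",
            "hashes": [{"alg": "SHA-256", "content": "a" * 64}],
        },
        {
            # Third-party code with no declared origin and no hash: unverifiable.
            "type": "library",
            "name": "vendored-helper",
            "version": "1.0",
        },
        {
            # No version: cannot be matched against vulnerability advisories.
            "type": "library",
            "name": "urllib3",
            "purl": "pkg:pypi/urllib3",
            "hashes": [{"alg": "SHA-256", "content": "b" * 64}],
        },
    ],
})

# Fields every component must carry before the purchaser accepts the SBOM.
REQUIRED_FIELDS = ("name", "version", "purl")


def parse_sbom(text):
    """Parse SBOM JSON and confirm it is a CycloneDX document."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX SBOM")
    return bom


def component_findings(component):
    """Return the list of provenance gaps for one component (empty if none)."""
    findings = []
    for field in REQUIRED_FIELDS:
        if not component.get(field):
            findings.append("missing %s" % field)
    hashes = component.get("hashes") or []
    if not any(h.get("alg") and h.get("content") for h in hashes):
        findings.append("no artifact hash")
    return findings


def audit_sbom(text):
    """Return {component name: [gaps]} for every component that fails the check."""
    bom = parse_sbom(text)
    report = {}
    for comp in bom.get("components", []):
        gaps = component_findings(comp)
        if gaps:
            report[comp.get("name", "<unnamed>")] = gaps
    return report


def sbom_is_acceptable(text):
    """True only when every component has a name, version, purl and hash."""
    return not audit_sbom(text)


if __name__ == "__main__":
    for name, gaps in audit_sbom(SAMPLE_SBOM).items():
        print("%s: %s" % (name, ", ".join(gaps)))
```

Run against the sample, the script reports `vendored-helper` (no purl, no hash) and `urllib3` (no version); `requests` passes. The same check applies unchanged to an SBOM exported by a real build tool, and a purchaser would normally go one step further and compare the listed hashes against the delivered artifacts.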
Other notable sections of the order include:
- Removing barriers to sharing threat information between agencies and their service providers
- Modernizing federal government cybersecurity, including advancing toward a zero trust architecture and moving to secure cloud services
- Centralizing cybersecurity data and analytics so that breaches can be identified quickly
- Enhancing software supply chain security
- Establishing a Cyber Safety Review Board to review significant cyber incidents
- Standardizing the federal government’s playbook for responding to cybersecurity vulnerabilities and incidents
- Improving detection of cybersecurity vulnerabilities and incidents on federal government networks
- Improving the federal government’s investigative and remediation capabilities
XYPRO, and many other cybersecurity firms, have advocated for years for government and regulatory oversight to prevent incidents such as SolarWinds, the Microsoft Exchange Server attacks, the Colonial Pipeline ransomware attack, and so many other unpublicized attacks. Biden’s new executive order pulls back-burner issues into the spotlight to ensure the necessary focus and resources are available at the federal level to address cybersecurity threats. This much-needed government oversight of technology and cybersecurity is intended to ensure that all government contractors and vendors comply with basic cybersecurity principles such as multi-factor authentication, incident response, and threat detection, or face exclusion from federal procurement.
XYPRO provides security solutions that ensure financial services, payment processors, and other critical infrastructure sectors are properly secured and actively monitored for security threats. XYPRO’s services and support can help you achieve full compliance with these coming directives so your business is primed and ready to meet these tighter security objectives.
Chief Product Officer
Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on Forbes Technology Council, the NonStop Under 40 executive board, and part of the ANSI X9 Security Standards Committee.
With over 20 years in the cybersecurity field, Steve is responsible for the strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance, and security to ensure the best experience for customers in the Mission-Critical computing marketplace.
Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.