Key Takeaways from the New Cybersecurity Executive Order

Sophisticated and intrusive cyberattacks are becoming ever more prevalent, with some questioning whether foreign state-sponsored actors are doing all they can to penetrate the supply chain and cause havoc with integral systems. This ultimately compromises the security of the American people and the businesses they run, as well as the robust cybersecurity defense requirements of large governmental departments.

For this reason, on May 12, 2021, President Joe Biden signed an executive order (EO) geared toward increasing regulations surrounding cybersecurity law and the associated compliance requirements certain businesses will be expected to follow. For many in the cybersecurity field, this “Improving the Nation’s Cybersecurity” EO came as a welcome surprise.

Yet while such a lengthy and robust set of new cybersecurity protocols can seem welcome on the one hand, humble businesses trying to focus on compliance without feeling overwhelmed or struggling to adopt these new standards may be left out in the cold. For this reason, we have listed the key takeaways below. The new cybersecurity executive order aims to:

Modernize & update cybersecurity programs and protocols

In pursuing newer and more refined automated testing, threat detection and cyber event monitoring protocols, the EO aims to modernize and update cybersecurity programs and the functions they execute. The National Institute of Standards and Technology (NIST) has released thorough definitions of what this critical software will entail, including a NIST 800-171 assessment guide for helping your business identify and implement essential compliance, especially in highly confidential and regulated fields such as the Department of Defense.

Cloud computing migration as standard

Cloud services, including SaaS, PaaS, and IaaS, are the focus of this new security effort, providing companies the means to meet modernization objectives as standard. This also empowers firms to centralize access to cybersecurity information and metrics, allowing them to manage and report necessary risks.

The adoption and integration of cloud technology and its technical reference architecture, including the recommended approaches to implementing both, can be expected soon.

Supply chain security as standard

A secure supply chain is a healthy supply chain, but it’s also one of the foremost targets hostile cybersecurity threats will be motivated to attack. Public sector firms will require more thorough security controls as necessary, providing software installed from the ground up to offer a complete security solution.

This involves multi-factor authentication, risk assessments, vulnerability assessments and remediation, data encryption at all levels, and a competent reporting system for immediately alerting against current threats.

Information sharing

When the federal government and the private sector are able to seamlessly communicate regarding the identification of threats, a clearer picture can be found. For this reason, this EO aims to remove barriers to sharing threat information, which will be achieved by improving the capability, storage and sending of system logs on IT systems. 

This also means that IT service providers must collect and maintain this data, providing it when requested. As such, logging and proper delivery of threat reports and the evidence from which they are generated will become an essential part of competent compliance.