Coming off the back of some high-profile cyber incidents, the President’s Executive Order on Improving Cybersecurity lays out some ambitious plans and initiatives, as well as an aggressive timeline, for strengthening the cybersecurity of the government and of the companies that it does business with.
One of the critical points is that it looks to establish cybersecurity practices for the nation as a whole, covering information sharing, secure software development practices, and incident response. What does this mean for you in the private sector? Here are the key points that you need to know.
Who is the Cybersecurity Executive Order Aimed at?
The nature of cyberattacks can vary, but the executive order is aimed at the public sector as well as the private sector. The public sector is already committed to abiding by the order, while the private sector is encouraged to take steps to improve its cybersecurity so that the threats as a whole can be reduced.
What Does the Cybersecurity Executive Order Mean?
Removing Barriers to Sharing Information
Before the executive order, any IT services provider would have been aware of the threat to sharing and breaches of data. The executive order calls for a revision of practices, policies, and contracts to make sure that service providers collect data in safe ways, in order to prevent attacks and provide an effective defense of any sensitive information.
Implementing Stronger Cybersecurity Standards
The executive order calls specifically for the adoption of zero trust architecture when using cloud migration technology. It also calls for the federal government to deploy encryption and improved data collection methods. These steps help to ensure the cloud is kept secure while still allowing the scalability and agility that come from the cloud.
Improve Software Supply Chain Security
A baseline standard for the security of software development will help the government to know exactly what it is getting. This means developers need to make any security data available. This will help the government’s procurement to incentivize the software market and help to build security into a range of software.
A Cybersecurity Safety Board
A safety review board will analyze cybersecurity incidents after they happen and make recommendations for ways to improve cybersecurity. This board will be created and co-chaired by the government as well as the private sector, with the aim of learning important lessons to improve the future.
Creating a Standard Response to Cybersecurity Incidents
A standard response to cybersecurity threats can help to identify incidents, as well as to recover from them. At present, the procedures can vary from agency to agency. A standard and consolidated playbook for responses will improve tracking, coordination, and progress when there are incidents.
Improving the Detection of Cybersecurity Incidents
The federal government is also looking to improve the detection of cybersecurity incidents. Dedicating resources to a government-wide endpoint detection and response system can mean the earliest possible detection of threats and vulnerabilities.