For too long, both the private and public sectors have not prioritized cybersecurity efforts enough and have acted only in "good faith," an inadequate effort to improve cybersecurity. Recently, President Biden issued the Executive Order on Improving the Nation's Cybersecurity to set government standards and best practices for cybersecurity across sectors, and it is good to see the focus on automation.
The Executive Order can be seen as a response to the extent and effect of recent breaches, and the acceptance that Federal departments and agencies are failing to adequately secure their systems. An August 2021 Senate report titled "Federal Cybersecurity: America's Data Still at Risk" comments, "This report finds that these seven Federal agencies still have not met the basic cybersecurity standards necessary to protect America's sensitive data."
The problem is that while the Executive Order is a great start, the two primary requirements for putting Zero Trust into effect, MFA and encryption, don't really close all cloud security gaps. These attack vectors show the importance of SaaS security management to cloud security as a whole.
If we move too fast, while attempting to shift to the cloud, we will create more issues. Urgently configured cloud migrations make my job a breeze, especially when we're taking solutions that weren't secured well in the first place, to a new cloud environment.
TechRepublic's Karen Roby spoke with Jennifer Bisceglie, CEO of Interos, about President Joe Biden's executive order on cybersecurity. The first one talks about all software that the government purchases needs to meet new cybersecurity standards within six months, so they actually put a timeframe around it, around multi-factor authentication, endpoint detection and response of software.
There's still a lot of work to be done, but it will help companies feel better about reporting breaches and sharing information.
The compromise of SolarWinds enterprise solutions and the recent Microsoft Exchange zero-days have had a tremendous impact on the security posture of many US organizations, and it was just a matter of time before the US federal government took steps to act on these threats. While there's some focus on threat intelligence sharing between different agencies and between providers and federal agencies, I am going to be focusing this article on the more preventive security measures outlined in the EO, specifically relating to modernizing federal government IT infrastructure, supply chain security and vulnerability management.
For the US government and its suppliers, this executive order represents massive change. This post focuses on the Executive Order on Improving the Nation's Cybersecurity and its impact on cybersecurity and the zero trust approach.
Commentary: It's progress that President Biden's executive order recognizes the need to secure open source software. Writing at that time, Recordon said, "The pandemic and ongoing cyber security attacks present new challenges for the entire Executive Office of the President." Fast forward to May 2021, and President Biden issued an executive order on improving the nation's cybersecurity, with Recordon's open source fingers all over the document.
Though most of the EO is aimed at government agencies, vendors and developers will have to design all of their products with a greater focus on security, according to Finite State. With ransomware attacks increasingly impacting businesses, government agencies and critical infrastructure, President Joe Biden last week signed an executive order designed to shore up the nation's cyber security.