June 15, 2021
Order outlines steps for modernizing national cybersecurity & federal government networks
Major cyber-attacks on U.S. companies like SolarWinds and Colonial Pipeline have drawn attention to security vulnerabilities in our digital infrastructure. They also demonstrate how essential the private sector is to protecting the nation's cybersecurity because it owns and operates much of the critical infrastructure.
To protect the U.S. from future malicious cyber-attacks, President Biden's May 12, 2021 Executive Order on Improving the Nation's Cybersecurity calls on the federal government "to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life." These "bold changes" include partnering with private sector companies to prevent future incidents by increasing investments in cybersecurity. The private sector, in turn, must adapt and "ensure its products are built and operate securely."
The executive order supports modernizing national cybersecurity defenses by removing barriers to sharing information between the government and the private sector and by implementing secure cloud services, a zero-trust architecture, and multifactor authentication and encryption.
Other key provisions
"Enhancing Software Supply Chain Security" by reviewing and updating security standards for the development of software sold to the government.
"Establishing a Cyber Safety Review Board," co-chaired by government and private sector leads, to analyze significant cyber incidents and make concrete recommendations for improving cybersecurity.
"Standardizing the Federal Government's Playbook for Responding to Cybersecurity Vulnerabilities and Incidents" to ensure all federal agencies meet a certain threshold and can mitigate threats.
"Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks" by enabling a government-wide endpoint detection and response system and improved information sharing within the federal government.
"Improving the Federal Government's Investigative and Remediation Capabilities" by establishing cybersecurity event log requirements for federal departments and agencies to detect and mitigate cybersecurity incidents.
How Exponent Can Help
Understanding technologies — and their weaknesses — is crucial to addressing their vulnerabilities. Exponent professionals have in-depth experience and broad knowledge in cybersecurity. Our consultants have developed and assessed secure technologies for protecting computers, networks, and information for commercial and governmental entities using tools such as threat modeling, hazard analysis, and insider threat detection. Additionally, we have extensive knowledge of encryption and cryptographic hashing algorithms, security protocols, and implementation of such measures. Our cybersecurity expertise provides our clients with powerful opportunities to design, evaluate, and implement solutions that are secure and operate reliably.