Executive Order Calls on Private Sector to Help Improve the Nation’s Cyber Security

Order outlines steps for modernizing national cyber security and federal government networks

June 15, 2021
Major cyber-attacks on U.S. companies like SolarWinds and Colonial Pipeline have drawn attention to security vulnerabilities in our digital infrastructure. They also demonstrate how essential the private sector is to protecting the nation’s cyber security because it owns and operates much of the critical infrastructure.

To protect the U.S. from future malicious cyber-attacks, President Biden’s May 12, 2021 Executive Order on Improving the Nation’s Cybersecurity calls on the federal government “to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.” These “bold changes” include partnering with private sector companies to prevent future incidents by increasing investments in cyber security, and the private sector must adapt and “ensure its products are built and operate securely.”

The executive order supports modernizing national cyber security defenses by removing barriers to sharing information between the government and the private sector and implementing secure cloud services, a zero-trust architecture, and multifactor authentication and encryption.

Other key provisions include:

“Enhancing Software Supply Chain Security” by reviewing and updating security standards for the development of software sold to the government.

“Establishing a Cyber Safety Review Board,” co-chaired by government and private sector leads, to analyze significant cyber incidents and make concrete recommendations for improving cyber security.

“Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents” to ensure all federal agencies meet a certain threshold and can mitigate threats.

“Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks” by enabling a government-wide endpoint detection and response system and improved information sharing within the federal government.

“Improving the Federal Government’s Investigative and Remediation Capabilities” by establishing cyber security event log requirements for federal departments and agencies to detect and mitigate cyber security incidents.

How Exponent Can Help

Understanding technologies—and their weaknesses—is crucial to addressing their vulnerabilities. Exponent professionals have in-depth experience and broad knowledge in cyber security. Our consultants have developed and assessed secure technologies for protecting computers, networks, and information for commercial and governmental entities using tools such as threat modeling, hazard analysis, and insider threat detection. Additionally, we have extensive knowledge of encryption and cryptographic hashing algorithms, security protocols, and implementation of such measures. Our cyber security expertise provides our clients with powerful opportunities to design, evaluate, and implement solutions that are secure and operate reliably.

AUTHORS