President Biden issued the Executive Order on Improving the Nation’s Cybersecurity on May 12, 2021. The policy treats preventing, detecting, assessing, and remediating cyber incidents as a top priority and as essential to national and economic security. It seeks both to strengthen the cybersecurity of the federal government and to push the private sector to further strengthen its approach to cybersecurity.
The Executive Order seeks to make the following changes:
- Remove Barriers to Threat Information Sharing Between Government and the Private Sector- The Executive Order ensures that IT service providers can share information with the government and requires them to share certain breach information. IT providers are often unable to voluntarily share information about any threat. The Executive Order aims to remove any contractual barriers and to require providers to share breach information that could impact Government networks, which is necessary to enable more effective defenses of Federal departments and to advance the Nation’s cybersecurity.
- Modernize and Implement Stronger Cybersecurity Standards in the Federal Government- It further seeks to increase the Government’s adoption of best security practices by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.
- Improve Software Supply Chain Security- It will improve the security of software by establishing baseline security standards for the development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available.
- Establish a Cybersecurity Safety Review Board- The Executive Order establishes a board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity.
- Create a Standard Playbook for Responding to Cyber Incidents- The Executive Order aims to create a standardized playbook and set of definitions for cyber incident response by federal departments and agencies.
- Improve Detection of Cybersecurity Incidents on Federal Government Networks- The Executive Order improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide detection and response system and improved information sharing within the Federal government.
- Improve Investigative and Remediation Capabilities- The Executive Order creates cybersecurity event log requirements for federal departments and agencies.
*Tanvi Singh, Editorial Assistant, has put this story together.