The Executive Order will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available.
The Federal government must lead the way and increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption. Outdated security models and unencrypted data have led to compromises of systems in the public and private sectors. The Executive Order helps move the Federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption with a specific time period. Modernize and Implement Stronger Cybersecurity Standards in the Federal Government. Removing any contractual barriers and requiring providers to share breach information that could impact Government networks is necessary to enable more effective defenses of Federal departments, and to improve the Nation’s cybersecurity as a whole. Sometimes this can be due to contractual obligations in other cases, providers simply may be hesitant to share information about their own security breaches. IT providers are often hesitant or unable to voluntarily share information about a compromise. The Executive Order ensures that IT Service Providers are able to share information with the government and requires them to share certain breach information. Remove Barriers to Threat Information Sharing Between Government and the Private Sector. Specifically, the Executive Order the President is signing today will: We encourage private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents. Much of our domestic critical infrastructure is owned and operated by the private sector, and those private sector companies make their own determination regarding cybersecurity investments. However, the Colonial Pipeline incident is a reminder that federal action alone is not enough. It is the first of many ambitious steps the Administration is taking to modernize national cyber defenses. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur. This Executive Order makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.
Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. Today, President Biden signed an Executive Order to improve the nation’s cybersecurity and protect federal government networks.
0 kommentar(er)
