President Biden Signs Cybersecurity Executive Order

The government mindset around cybersecurity is changing from reaction to prevention. The executive order is a good start, but Congress needs to take further action.

The last year saw more cybersecurity issues than any recent year most can remember. The coronavirus pandemic forced businesses to send their entire workforce home, minus essential employees. The majority of businesses were unprepared for this and lacked the security measures needed to protect sensitive information. Threat actors knew this and, as criminals do, pounced on the opportunity to break through those weakened defenses. Attacks rose, the discovery of novel vulnerabilities and configuration problems rose, and businesses struggled to keep up with it all.

Last week, President Biden signed an executive order on cybersecurity defenses. The order specifically mentions the SolarWinds, Microsoft Exchange Server and Colonial Pipeline breaches as factors in this decision. The order focuses on “improving the nation’s cybersecurity” and outlines changes to be made. These changes include:

  • Removing barriers to threat information sharing between government and the private sector
  • Modernization and implementation of stronger cybersecurity standards in the federal government
  • Improving software supply chain security
  • Establishing a cybersecurity safety review board
  • Creating a standard playbook for responding to cyber incidents
  • Improving detection of cybersecurity incidents on federal government networks
  • Improving investigative and remediation capabilities

The standardized playbook will be reviewed by the director of CISA, and NIST has been tasked with developing a labeling program to help consumers and businesses better understand the security capabilities of IoT devices. Think about the Energy Star labels on appliances: the order looks to create a similar type of label for IoT devices, based on the security embedded within them.

All of this is fantastic; it’s a good first step toward creating standards and regulations around cybersecurity and cyberattacks. The main reason cyberattacks are so prominent, especially today, is that the repercussions aren’t concrete. Plus, with the barriers to information sharing between the private sector and law enforcement, it takes entirely too long to trace an attack. By the time investigators are bounced through several servers in different countries to pinpoint an exact location, the attacker is no longer there.

What we really need is congressional legislation and action around cyber activity. This order gets the ball rolling and shifts the mindset from reaction to prevention, which should always be a top priority for any business. Incident response plans are important, but preventing these attacks is much more cost-effective, among other benefits. Senator Mark Warner took to Twitter, saying, “This executive order is a good first step, but executive orders can only go so far.” His tweet continues:

There are a few takeaways from this. The US government finally seems to be taking notice of cybersecurity problems and adjusting its mindset. This is good, but it remains to be seen how far it actually takes it. The playbook will be created for federal and government agencies, but the private sector has to follow suit. Businesses throughout the country should pay close attention to what the government does and ensure they are taking similar action. Removing barriers to information sharing is going to take some time. There will be red tape, there may be new legislation required, and creating a streamlined process will take time. Still, this is another step in the right direction.

Executive orders can only go so far. But it’s clear that something has to be done to protect the security of our infrastructure, supply chains and any other foundational economic necessities. If you’re a business owner, take note. Pay attention to what happens with this order, what Congress decides to do with legislation and what the government puts into place for its own security. Consult an expert to review what you currently have in place and make recommendations for any gaping holes. Protect your business and your livelihood! Even if nothing else comes of this except Energy Star-like ratings for security in IoT devices, I will count this as a success.

About the Author

PWV Consultants is a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as a trusted technical partner for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. It was founded by 20-year software engineering veterans who have founded or co-founded several companies. PWV experts act as trusted advisors and mentors to numerous early-stage startups, and have held the titles of software and software security executive, consultant and professor. PWV's expert consulting and advisory work spans several high-impact industries in finance, media, medical tech, and defense contracting. PWV's founding experts also authored the highly influential precursor HAZL (jADE) programming language.
