President Biden signed an executive order this week to improve the country’s defenses against cyberattacks, it is an important move that comes shortly after the recent wave of attacks, such as the SolarWinds supply chain attack and the Colonial Pipeline attack.
“The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.” reads the 34-page document.
The document titled Executive Order on Improving the Nation’s Cybersecurity aims at modernize the cybersecurity defenses to make the federal government’s infrastructure resilient to increasly sophisticated attacks.
The order proposes a standardized Federal Government’s Playbook for responding to cybersecurity vulnerabilities and incidents, it also aims at improving the sharing of information related to threats and threat actors.
The order requires IT (information technology) and OT (operational technology) service providers to share information about cybersecurity threats and incidents.
The order assigned to the Secretary of Homeland Security, in consultation with the Attorney General, the responsibility of establishing the Cyber Safety Review Board (Board) which will review and assess cybersecurity.
“The Board’s membership shall include Federal officials and representatives from private-sector entities. The Board shall comprise representatives of the Department of Defense, the Department of Justice, CISA, the NSA, and the FBI, as well as representatives from appropriate private-sector cybersecurity or software suppliers as determined by the Secretary of Homeland Security.” continues the order. “A representative from OMB shall participate in Board activities when an incident under review involves FCEB Information Systems, as determined by the Secretary of Homeland Security. The Secretary of Homeland Security may invite the participation of others on a case-by-case basis depending on the nature of the incident under review. “
Federal agencies are requested to implement a Zero Trust Architecture, implement multi-factor authentication, and adopt encryption for data at rest and in transit.
The order urges to Improve the security of the software supply-chain by developing guidelines, tools, and adopting best practices to audit critical software components.
“The security of software used by the Federal Government is vital to the Federal Government’s ability to perform its critical functions.” states the order. “Accordingly, the Federal Government must take action to rapidly improve the security and integrity of the software supply chain, with a priority on addressing critical software.”
The measures have to assure that software is not tampered with by threat actors and have to be resilient to supply-chain attacks.
The order also urges the deployment of a centralized Endpoint Detection and Response (EDR) solution and intra-governmental information sharing for early detection of any compromise and attack.
The actions listed in the order have to be conducted in a period of time that ranges between 30 days up to 360 days.
The White House has also released a FACT SHEET related to the executive order that provides a summary of its content.
(SecurityAffairs – hacking, executive order)