• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Biden Orders Massive Overhaul of Federal Agency Security

May 13, 2021 By Trevor Collins

cyber war

In response to recent cybersecurity incidences like the SolarWinds breach, Microsoft Exchange Server vulnerabilities, and the Colonial Pipeline ransomware attack, President Biden signed an executive order to increase the cybersecurity stance of the federal government and all civilian agencies it contracts with.

The 34-page executive order implements minimum security standards for the government and contractors. For example, it requires federal agencies to adopt multi-factor authentication (MFA) and a Zero-Trust architecture within the year. A Zero-Trust environment builds on the principal that each service, system, and workflow will have its own security measures to prevent unauthorized access. Some companies already use some form of MFA but its adoption is far from ubiquitous. Meanwhile, Zero-Trust architectures haven’t been fully implemented in most environments. Because of the lack of support for Zero-Trust, implementing a true Zero-Trust architecture may become a difficult task. We hope the difficulties of implementing Zero-Trust doesn’t hold back the use of MFA within these agencies. These steps in the executive order, if properly implemented, should significantly increase the federal government’s security.

Part of the order requires IT providers working with the government to notify the government of security breaches involving their own system or systems they use. Now, if only we could require all companies to notify customers of a breach involving their data. GDPR in Europe does this but the US has yet to implement similar standards on a federal level.

The order also implements a cybersecurity review board and a standard playbook for incidents response across federal agencies. Any good security policy involves a review board to ensure proper implementation of the policies. Additionally, the order rolls out a certification program for software to meet minimum-security standards. The White House compares it to an Energy Start rating for appliance power consumption.

One cybersecurity measure missed in the executive order is to implement and test backups to all critical systems. Good security policies accept some risk and mitigate it with the use of backups in case a critical system becomes compromised. For example, according to some reports the Colonial Pipeline paid the ransom after a ransomware attack this last week. If they had backups for their systems, they could have avoided paying the $5 million ransom.

Much of this executive order implements security measures we would implement ourselves in an organization. We would have liked to see this happen long ago but at least we are starting now.

 

Share This:

Related

Filed Under: Editorial Articles, Uncategorized

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • The RCE Vulnerability That Wasn’t
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • CISA Warns of Weaponized RMM Software
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • Report Roundup
  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use