WE NEED A NEW NATIONAL CYBER SECURITY STRATEGY

  • Modernizing Federal Government Cyber Security
  • Enhancing Software Supply Chain Security
  • Establishing a Cyber Security Review Board
  • Standardizing Government Playbooks for Incident Response and Vulnerabilities
  • Improving Detection of Vulnerabilities and Incidents on Federal Government Networks
  • Improving the Federal Government’s Investigative and Remediation Capabilities
  • National Security Systems

WHO DOES THE EXECUTIVE ORDER APPLY TO?

Perhaps the most fundamental question that needs to be addressed is “who does this apply to?”

WHAT IS BEING MANDATED…

Let’s be clear, while the Executive Order is relatively light reading by government standards, it still contains a lot of material to process. While much of the material contained in the Order is administrative in nature, there are a few significant elements.

…FOR THE PRIVATE SECTOR?

The majority of the order focuses on the public sector. But, there are orders to review the Federal Acquisition Regulation (FAR) contract requirements with an eye towards cyber security delivered to the government from the private sector. This includes regulations around data preservation, the sharing of “cyber threat and incident information,” as well as mandating the “… implementation of technical capabilities, such as monitoring networks for threats …” The concerning part is that is all that is mentioned.

…FOR THE FEDERAL GOVERNMENT?

Endpoint Detection and Response

HOW WILL THIS HAPPEN?

The most critical component to understanding any legislation is understanding how it will happen. This is because successful legislation only starts with the order. It is how that order is interpreted, planned, carried out by the staffers and bureaucrats that ultimately determines the success of the legal effort. This is where the Executive Order begins to show some significant cracks.

SO WHAT IS THE ANSWER?

Let’s be very clear: the Executive Order signed on 12 May 2021 is a step in the right direction. It acknowledges that traditional reactive security isn’t sufficient, and that joint INTERPOL operations and DoJ indictments aren’t dissuading actors from attacking the United States, its critical infrastructure, and everyday Americans. However, the belief that an Executive Order, without financial support, or the critical mass of people, processes, and accountability to accomplish the mission can solve, or even dramatically alter, the status quo is naïve.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cyborg Security

Cyborg Security

Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.