Biden issues executive order to increase U.S. cybersecurity defenses

After the case of the colonial pipeline on 21 May 2021, President Biden presented an order to improve the cybersecurity defenses. Cybercrimes increases day by day and affected the information system and infrastructure. The executive order aims to modernize the cybersecurity defenses by protecting federal networks.

Eliminating the barriers to threat information sharing between the federal government and private sector. The executive order ensures that to remove barriers threat information sharing between government and private sector. The attack on the colonial pipeline should be an alarming call to improve security protocols. The executive also includes enhancing critical logging information related to an incident and establishing a universal, consistent, and straightforward methodology for responding to the incident.  

Improving software supply chain security. It also ensures the affected entities share information safely and securely. The order focuses on software supply chain security because the attackers hack software and control on computer data of companies. National Institute of Standards and Technology (NIST) issues develop guidance for strict baseline security standards for software sold to the government. It includes a requirement to make software security data publicly available.

The executive creates a pilot program that will allow buyers to quickly and easily determine whether the software developed within the requirements. It was also considered to establish a playbook for uniform steps identifications and lighten threats. The playbook also set out guidelines for the private sector when responding to cyber incidents. It is essential to respond to efforts across federal departments and agencies. 

Modernizing and Implementing more substantial cybersecurity standards is also needed in the federal government consideration. The order helps to secure cloud services and the lack of trust architecture of the federal government. There is a security concept known as zero trusts where the organization does not mean anything automatically. It is the inside or outside of the organization do not trust. They must verify devices that are trying to connect before permit access. The extractive order includes that multifactor confirmation and encryption at rest. 

The executive board establishes a cybersecurity safety review board representative from department defenses, department of justice, National security agency, Cybersecurity, and infrastructure security agency. Selected private-sector Cybersecurity.

The executive order does not discuss any new things; all things are known from years. The executive order will be critical in the increase of cybersecurity attacks in the last few years. 

Reference: https://www.bleepingcomputer.com/news/security/biden-issues-executive-order-to-increase-us-cybersecurity-defenses/