Last month, President Biden signed an executive order to strengthen the federal government’s cybersecurity practices.
The decree comes amid a spate of attacks on government systems and essential services, with the widescale data breach at the software provider SolarWinds proving a tipping point.
Under the executive order, the Commerce Department must author new standards for software vendors supplying the federal government.
Contractors must also use multi-factor authentication for new technology, strengthen their encryption protocols and notify the government about security incidents that could affect government networks.
The White House’s executive order also encourages the federal government to migrate towards more secure cloud systems, and establishes a cybersecurity safety review board, which will contain members from the public and private sectors.
Chris Wysopal, the chief technology officer and co-founder of the cybersecurity company Veracode, called the executive order “surprisingly expansive”, and welcomed the addition of an oversight board.
The move replicates the success of the National Transportation Safety Board, which Wysopal says will help organizations learn from cybersecurity incidents and maintain the privacy of cyber victims.
“It’s aggressive. It’s serious. And I think it’s long overdue,” he added.
Meanwhile, a senior White House official commented: “This executive order protects federal networks. Following the SolarWinds incident response, we were confronted by the hard truth that some of the most basic cyber security prevention and response measures were not systemically rolled out across federal agencies.
“So we identified a small set of high impact cyber defenses that when implemented, make it harder for an adversary to compromise and operate on a hacked network.”
But is it enough?
Although the executive order contains many promising requirements, some have questioned the effect it will have. Senator Mark Warner, chairman of the Senate Select Committee on Intelligence, said: “This executive order is a good first step, but executive orders can only go so far.”
He added: “Congress is going to have to step up and do more to address our cyber vulnerabilities, and I look forward to working with the administration and my colleagues on both sides of the aisle to close those gaps.”
Contractors themselves must also work to bolster their cybersecurity practices. It’s one thing to perform certain functions to meet government guidelines but something else to recognize the cybersecurity threats you face and the damage they can cause.
Those who want to better understand these requirements should consider our Certified Cybersecurity Foundation Self-Paced Online Training Course.
With this course, you’ll gain a comprehensive understanding of cybersecurity – from phishing scams and malware attacks to your regulatory requirements and appropriate best practices.
You’ll experience a practical application of cybersecurity through group discussions, exercises and case studies, all of which are designed by experts and delivered by professionals.