What Biden's Cybersecurity Executive Order and Memo Really Mean
Following the recent Executive Order on "Improving the Nation's Cybersecurity", on June 2, 2021, President Joe Biden's team released a memo addressed specifically to corporate executives and business leaders of organizations of all sizes in both the public and private sectors. The goal of this memo is to raise awareness of the actions the federal government is taking and to urge all businesses to take action to protect against ransomware.
Why an Executive Order Regarding Cybersecurity Is Happening Now
Over the past several months, there has been an increase in serious attacks on the United States government, U.S.-based companies, and suppliers to the U.S. government. These attacks have not only increased in frequency, but have also impacted various industries and organizations across the country. The most notorious and detrimental attacks this year include those on SolarWinds and Colonial Pipeline, and now JBS, a major U.S. meat producer.
The SolarWinds attack shed light on the software supply chain's susceptibility. Thousands of companies use products from SolarWinds, and each was impacted by the compromised supply chain in its own way. Countless hours were spent determining whether organizations were impacted by the SolarWinds breach, pushing out updates, and recommending additional security protections.
During the Colonial Pipeline attack, a single organization was targeted. However, the scope of the ransomware attack impacted millions of people by causing a gasoline shortage that increased oil prices across the United States. Reports indicate that the cyberattack on Colonial Pipeline was attributed to an unpatched Microsoft Exchange vulnerability in an on-premises environment, which allowed an established attacker gang called REvil to gain access.
Recent news announced that REvil was also behind the attack on the popular meat supplier, JBS.
Potential Impact on Security Posture
The increasing number of security breaches affecting critical infrastructure in the United States, including energy, food supply, healthcare and financial systems, has illustrated the need to strengthen the IT security posture of the country as a whole. Improving cyber conditions will take more than the efforts of our federal government; businesses are equally feeling the pressure. The government is urging businesses to adapt to the continuously changing threat environment and ensure their infrastructure operates securely.
The Executive Order outlines that all Federal Information Systems should meet or exceed the standards and requirements as they relate to:
- Removing Barriers to Sharing Threat Information
- Modernizing Federal Government Cybersecurity
- Enhancing Software Supply Chain Security
- Establishing a Cyber Safety Review Board
- Standardizing the Federal Government's Playbook for Responding to Cybersecurity Vulnerabilities and Incidents
- Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks
- Improving the Federal Government's Investigative and Remediation Capabilities
The first part of this memo serves to protect the US government as a whole by requiring that government suppliers, like software providers, tighten up their security, specifically around how software is developed, how testing is performed, and to what extent devices are secured. Securing the software supply chain helps ensure that adversaries aren’t allowed easy access to government agencies or companies. The more vulnerabilities (or bugs) that are removed before a product is released or shipped, the less likely it is to be exploited in the future.
This is an important first step in improving the country's security, but it certainly won't be the last time the government responds with proactive recommendations. The same businesses that produce software for the US government also support companies across the country. By signing this Executive Order, the US hopes to see long-term benefits from increased cybersecurity protection measures that will protect US businesses and the government from threats such as ransomware or even loss of intellectual property.
Latest White House Memo
On June 2, 2021, the Federal Government took an additional action by releasing a memo directly to all business leaders, urging them to immediately convene their leadership teams to evaluate ransomware threats or security gaps and to review their corporate security posture and business continuity plan. The memo lays out a strategic approach to implementing a proactive business continuity response, which is aligned with what we recommend to all of our clients today.
Vetting your business continuity plan means thoroughly understanding your Incident Response Plan (IRP). Simply put, evaluate your business resiliency and how long it will take to recover from a hack. The question becomes less about “what” we need to do and more about “how” we do it.
An easy example would be data backups. Yes, you back up your data, but how you back it up makes all the difference. Ask whether the backups are encrypted, how much time it would take to restore those systems, what the retention policy is, and so on.
Centre follows a simplified approach where we focus on these four things:
- Clean copy of data
- Proactive threat hunter
- Visibility into security gaps
- Cyber insurance – A small chapter of a full IRP
Planning and implementing your security plan doesn't have to be a daunting task, but it can be for many organizations that lack the internal resources to thoroughly roll out the plan and monitor their environment. Centre Technologies is here to help you build out your Business Continuity and Rapid Response Security Plan to ensure that your business and employees don't suffer from a cyber attack.