President Biden’s Cybersecurity Order 101: The Essential Guide
by Steve Tcherchian, June 15, 2021 (C2 Summer 2021, Security)

On May 12th, 2021, President Biden released the “Executive Order on Improving the Nation’s Cybersecurity”. Its primary goal is to secure our national digital landscape. What we’re seeing is an overdue, full-force reaction to the threats to cybersecurity and operational infrastructure. This order is primed for success due to the increase and impact of cyberattacks targeting the US government and critical infrastructure. The size and scope of this document suggest that it has been in the works for some time. It is a lot to read, and it can be hard to discern how the digital community will be required to respond to it, but we will break it down…

Much of the document is a delegation of assignments to discover the gaps in our nation’s security implementations. It also calls upon the vast array of governmental agencies to remove barriers to sharing threat information among one another when breaches, malware and unauthorized data are distributed.

This is a watershed moment for cybersecurity because federal agencies are now required to implement multi-factor authentication (MFA) across their IT environment. In terms of cybersecurity protection, MFA provides the best bang for the buck. It’s only a matter of time before this requirement makes it down to the financial services and payments industries as well as other critical infrastructure sectors.

Another focus area is the risks posed by third parties. Most of these attacks have found their way into government agencies through insecure third parties. This executive order requires all third parties working with the federal government to strictly adhere to these basic, yet powerful guidelines or risk losing their contracts and being blacklisted.

Software vendors will now be required to adhere to strict security and development guidelines if they wish to continue to supply technology to government agencies. These guidelines include:

- Disclosing how much open-source code is used in their code.
- Government entities will have to create lists of software that is integral to their functions so that they can be examined and cleared for use.
- Software providers will be asked to house their coding divisions separately in secure buildings.
- Maintain a ‘provenance’ on all code that is utilized that was not written in-house.
- Provide a purchaser a Software Bill of Materials (SBOM) for each product.

Other notable items of the order include:

- Modernizing Federal Government Cybersecurity.
- Advancing towards a Zero Trust Security Model.
- Centralize cybersecurity data and analytics for quickly identifying breaches.
- Enhancing Software Supply Chain Security.
- Establishing a Cyber Safety Review Board.
- Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks.
- Improving the Federal Government’s Investigative and Remediation Capabilities.

XYPRO, and many other cybersecurity firms, have been advocating for years for government and regulatory oversight to prevent incidents such as the SolarWinds, Microsoft Exchange, Colonial ransomware and so many other unpublicized attacks. Biden’s new executive order seeks to pull back-burner issues into the spotlight to ensure the necessary focus and resources are available at the federal level to address cybersecurity threats. This much-needed government oversight of technology and cybersecurity is intended to ensure that all government contractors and vendors comply with basic cybersecurity principles such as Multi-Factor Authentication, Incident Response and threat detection, or face being blacklisted.

XYPRO provides security solutions that ensure financial services, payment processors, and other critical infrastructure business sectors are properly secured and actively monitored for security threats. Utilize XYPRO service and support to achieve full compliance with these coming directives so your business is primed and ready to meet these tighter security objectives.

Steve Tcherchian, CISSP, PCI-ISA, PCIP is the Chief Product Officer and Chief Information Security Officer for XYPRO Technology. Steve is on the ISSA CISO Advisory Board, the NonStop Under 40 executive board and part of the ANSI X9 Security Standards Committee. With over 20 years in the cybersecurity field, Steve is responsible for strategy and innovation of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience to customers in the Mission-Critical computing marketplace. Steve is an engaging and dynamic speaker who regularly presents on cybersecurity topics at conferences around the world.