President Biden’s Executive Order on Cybersecurity and the Impact This Will Have on NE Ohio Businesses
Technological advancements have some shortcomings. These advancements sometimes favor cybercriminals, which puts public and private sectors in vulnerable positions. For instance, the recent malicious cyber deeds that could have crippled the Colonial Pipeline seized President Joe Biden’s government’s attention to make improvements to the cybersecurity defense measures. The first step the president took is to sign executive order 14028 on May 12, 2021. Read on to gain insight on what every section of the executive order covers and how it will affect businesses in NE Ohio.
Section 1: Policy
The US is facing continuous and increasingly sophisticated harmful cyber-attacks. They endanger the security and privacy of both the public and private sector and, generally, the American people. This executive order helps the government identify, deter, secure, and respond to cyberattacks and cybercriminals. Above all, the government must examine the losses incurred after such cyber incidents to strengthen their security. However, for it to effectively improvise cybersecurity, it has to partner with the private sector. The government also has to bear its authorities and resources’ full scope to safeguard its computer systems that process data and those that oversee our safety (IT and OT). In this executive order, President Biden stresses that his government must lead by example. It should either meet or surpass the standards and conditions of cybersecurity.
Section 2: Removing Barriers to Sharing Threat Information
The Federal Government will work closely with both IT and OT service providers. This will help it conduct an array of day-to-day functions on the Federal Information Systems. For example, cyber incident data and information is shared and reported by service providers. However, the current contract prohibits the disclosure of risk or crisis information. This section lifts limits to increase the government’s access to breach information, therefore, allowing it to be more successful in safeguarding its Federal systems and the nation’s cybersecurity.
Potential Impact on NE Ohio Businesses
Government contractors may face new requirements relating to data collection techniques, incident response plans, and incident notification procedures. This is as a result of contract revisions. It’s also likely that the private sector may embrace the amended contractual terms and cybersecurity regulations. This will require businesses to adjust their service offerings accordingly.
Section 3: Modernizing Federal Government Cybersecurity
The Federal Government must try to upgrade its cybersecurity strategy while safeguarding its people’s privacy and civil liberties. This section explains how to:
- Integrate cloud technology services
- Create and implement a Zero Trust Architecture
- Establish multi-factor authentication and encryption
Potential Impact on NE Ohio Businesses
These standards align with what many private sector companies are currently doing to meet the changing cyber-risk environment. As a result, they can serve as a blueprint for NE Ohio businesses striving to improve their cybersecurity position.
Section 4: Enhancing Software Supply Chain Security
This section highlights the value of essential and commercial software. It also states the necessity to enhance the software’s security and integrity. This necessitates input from various agencies and sectors on current policies and creating new standards and tools to ensure adherence to standards and criteria. This will result in rules for determining if the software was produced safely and rules for software development and how to embed security into it.
Potential Impact on NE Ohio Businesses
This effort has the potential to assist NE Ohio businesses in making better decisions about software acquisition strategies. On the other hand, federal contractors should keep this pilot program in mind as they negotiate software contracts now. Do you know why? Their government contracts may compel them to employ only technologies that have the “approved” mark. If a federal contractor’s software fails to satisfy the new criteria, the contractor may be forced to switch to a different software solution leading to contractual complications.
Section 5: Establishing a Cyber Safety Review Board
The Department of Homeland Security and the Attorney General shall form the Cyber Safety Review Board. It will analyze and evaluate cyber-attacks to enhance cybersecurity and incident response methods. The board will be made up of government representatives, the corporate sector, and the Defense and Security Departments.
Potential Impact on NE Ohio Businesses
It will be fascinating to observe what role this new board will play in dealing with cybersecurity breaches. Above all, it will be great to see how corporations affected by such breaches will be involved. In addition, depending on how the board is used, NE Ohio businesses may be prompted to form their boards to assess cybersecurity incidents that impact them.
Section 6: Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents
Numerous techniques for recognizing, rectifying, and recovering from vulnerabilities and incidents have been dispersed across various agencies. This standardized response approach will establish operating protocols to consolidate incident categorization and progress tracking. In addition, this playbook will include all National Institute of Standards and Technology (NIST) standards. On top of that, it will provide an understanding of cyber mishaps and an agency’s cybersecurity situation. As a result, strategies for dealing with cyberattacks for agencies will not be left behind.
Potential Impact on NE Ohio Businesses
Businesses should pay attention to NIST’s upcoming rules. The NIST recommendations can also serve as a path for a company’s cybersecurity planning.
Section 7: Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks
This Executive Order section tries to increase the government’s ability to detect cyber activity on its networks. For example, the government will create a system called Endpoint Detection and Response (EDR). The system will detect early malicious activities. Therefore, it will reduce exposure to attackers.
Potential Impact on NE Ohio Businesses
This move follows the rising implementation of endpoint monitoring systems in the private sector. It should encourage firms that are on the fence about implementing EDR to do so.
Section 8: Improving the Federal Governments Investigative and Remediation Capabilities
This section emphasizes the need for logging information and maintaining important information gathered by agencies and IT service providers from systems and networks. This will help government departments and agencies to investigate, mitigate and effectively address cyber threats and incidents.
Potential Impact on NE Ohio Businesses
Companies should check these policies once they’ve been made public. Then, they will know whether they correspond with their logging methods and standards and make any necessary changes.
Section 9: National Security System
Finally, the Defense Secretary will adopt the National Security Systems requirements via the National Manager. The manager will publish a National Security Memorandum on cybersecurity programs, standards, and requirements per the Executive Order.
Conclusion
Cybercrimes have become a big threat to everyone nowadays. Some businesses have lost a large customer base and important information because of such acts. Luckily, President Biden recently signed executive orders covering everything from the Covid-19 pandemic to the cyber activities. The Rea & Associates is well-versed on the ins and outs of the technology environment. Schedule time to sit down with our team to go through all your cybersecurity needs any day.