Initial Impressions – Executive Order on Improving the Nation’s Cybersecurity
Citing the overwhelming evidence that cybersecurity incidents such as: SolarWinds, Microsoft Exchange, and, more recently, Colonial Pipeline, threaten our nation’s economic and physical wellbeing, the executive order signed yesterday “charts a course to improve the nation’s cybersecurity and protect federal government networks.”
Thank you, Mr. President. While we hope that proposed legislation (read: Infrastructure Bill) directly funds the upgrading and oversight of our country’s critical infrastructure, this is the correct first step to ensure that both the public and private sector, including your company and ours, are involved in the effort.
Over the course of the next few months, I will be sharing a more in-depth review of fundamental aspects of the order. For now, here are my first Impressions:
- The National Institute of Standards and Technology Framework Cybersecurity Framework (“NIST CSF”) is front and center in the guidance going forward, right where it belongs.As any of you who have worked with us know, or even those who have read our blogs, Layer 8 Security is a NIST shop, and at the center of most engagements we do.
- The EO seeks to create a standardized cybersecurity template to “ensure all federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate threats” based on NIST guidance. Once the template is established, private companies will be encouraged to adopt and employ the framework. In our experience it will be more than encourage however, as the compliance ecosystem rolls downhill.
- Incident Readiness and Response are central to the EO. Again, we at Layer 8 Security see the wisdom in this approach and offer Incident Response Readiness as an introductory Service for clients with a limited budget and rudimentary protections to begin addressing needs.
- The EO establishes a Cybersecurity Safety Review Board, made up of both public and private sector members, to review events and recommend next steps. This step recognizes the significance of private industry stepping up to the plate and partnering with the public sector for everyone’s benefit.
For those interested in reading more, I attach the following link: Fact Sheet:
And for those interested in understanding how the EO could affect your business, feel free to send us a note on our Contact Us page. We’re happy to chat.