HomeTech PlusTECH & OTHER NEWSIncremental improvements are not enough as Biden signs order boosting US cyber...

Incremental improvements are not enough as Biden signs order boosting US cyber posture

president-biden-gettyimages.jpg
Image: Getty Images

United States President Joe Biden signed an executive order on Wednesday to boost the cyber posture of the federal government.

The order points to recent incidents including the ransomware attack on Colonial Pipeline, Exchange vulnerabilities that led to the FBI removing web shells from US servers, and the SolarWinds attack.

The order said the federal government must lead by example.

“Incremental improvements will not give us the security we need; instead, the federal government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life,” the order states.

“The federal government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid.

“The scope of protection and security must include systems that process data (information technology) and those that run the vital machinery that ensures our safety (operational technology).”

The order mandates that agencies have 180 days to implement multi-factor authentication and encrypt data both at rest and in transit “to the maximum extent” available under federal records and other laws. Agencies that cannot meet the deadline will need to provide a written explanation why not.

“Outdated security models and unencrypted data have led to compromises of systems in the public and private sectors,” the White House said in a fact sheet.

“The Federal government must lead the way and increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.”

A Cybersecurity Safety Review Board will be established under the order and be constituted by federal officials from the Department of Defense, Department of Justice, CISA, NSA, and FBI, as well as private-sector representatives to be determined by the Secretary of Homeland Security. The board will be chaired and co-chaired by one federal and one private-sector member.

The board will meet following a “significant” cyber incident and analyse what happened and make recommendations.

“When something goes wrong, the Administration and private sector need to ask the hard questions and make the necessary improvements,” the White House said.

“This board is modelled after the National Transportation Safety Board, which is used after airplane crashes and other incidents.”

A standardised playbook for incident response will also be created, as will a “government-wide endpoint detection and response system” and mandate to maintain logs to help in incident detection, investigation, and remediation.

“Slow and inconsistent deployment of foundational cybersecurity tools and practices leaves an organisation exposed to adversaries,” the fact sheet states.

Earlier on Wednesday, the Colonial Pipeline restarted operations.

Related Coverage

By ZDNet Source Link

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS