Executive Order (EO) on Improving the Nation’s Cybersecurity: The cybersecurity path forward.June 18, 2021
On May 12, 2021, President Biden announced his policy on cybersecurity improvements. These actions will direct the Executive Branch of our government to act. As with similar presidential actions, this EO will outlast his presidential incumbency. For example, on August 27, 2004, the then President Bush issued Homeland Security Presidential Directive 12 (HSPD-12). HSPD-12 provided Policies for a Common Identification Standard for Federal Employees and Contractors. Currently, the Federal Government and supporting contractors continue programs implementing this directive. One other important EO is EO 13636. On February 12, 2013, the white House issued this directive by the then President Obama. EO 13636 provided President Obama’s policy for Improving Critical Infrastructure Cybersecurity.
Therefore, this EO published by President Biden will impact Federal cybersecurity programs in the future. In a fact sheet accompanying President Biden’s order outlined seven core tenets. The EO will:
- Remove Barriers to Threat Information Sharing Between Government and the Private Sector
- Modernize and Implement Stronger Cybersecurity Standards in the Federal Government
- Improve Software Supply Chain Security
- Establish a Cybersecurity Safety Review Board
- Create a Standard Playbook for Responding to Cyber Incidents
- Improve Detection of Cybersecurity Incidents on Federal Government Networks
- Improve Investigative and Remediation Capabilities (EO Fact Sheet, 2021).
In addition to these tenets introduces the term Zero Trust Architecture (ZTA). ZTA is described as a security model that will enhance an organization’s cybersecurity posture (EO 2021 Sec 10, Para (k)). In August 2020, The National Institute of Standards and Technology released a Special Publication (SP) titled Zero Trust Architecture. The key objective of a ZTA is to manage risks related to the access to systems from trusted and untrusted entities. The NIST document contain an abstract definition of ZTA and gives general deployment models and use cases where zero trust could improve an enterprise’s overall information technology security posture (SP 800-207, 2020 p ii).
This EO will serve as a cybersecurity roadmap for many years.