On May 12, 2021, President Biden issued an Executive Order focused on improving cybersecurity in the US. This EO was motivated by a number of high-profile and high-impact cyberattacks in recent months, including the SolarWinds hack and the recent breach of Colonial Pipeline.

Inside the Order

The Executive Order on Improving the Nation’s Cybersecurity includes a wide range of priorities designed to improve the federal government’s protections against cyber threats.

1.  Increased Information Sharing

Information sharing is a perennial problem in cybersecurity. No one wants to admit that they sustained a breach – often resulting in reports being delayed or not happening at all. Additionally, cybersecurity information sharing within the government suffers from the conflicting pressures of improving cyber defense and maintaining offensive capabilities.

A significant portion of this Executive Order is focused on improving information sharing about cybersecurity across government agencies. By simplifying and streamlining this process, the federal government hopes to improve its ability to prevent, detect, and respond to cyberattacks.

2.  Implementation of Cybersecurity Best Practices

This Executive Order explicitly calls upon government agencies to implement best practices that provide protection against commonly used attack vectors. For example, this EO mandates the use of multi-factor authentication (MFA) and is pushing a zero-trust security strategy. Both moves will mitigate the probability and impact of compromised accounts, a common attack vector.

3.  Software Vulnerability and Supply Chain Management

Recent events have demonstrated the potential impacts of software vulnerabilities and lack of supply chain security. Widely exploited vulnerabilities in Microsoft Exchange were actively exploited by several different hacking groups and inspired an operation by the FBI to remove backdoors from exploited servers. The SolarWinds hackers exploited supply chain vulnerabilities to gain access to tens of thousands of the company’s customers.

This cybersecurity EO defines a process for improving federal supply chain security and improving vulnerability detection in government systems. This will help to raise the bar for exploiting government systems.

4.  Standardizing Incident Detection and Response

One of the major challenges that the government faces regarding cybersecurity is its number of independent departments and agencies. Across agencies, the cybersecurity standards and processes that are in place and the level at which they are enforced varies dramatically.

This leaves many agencies ill-prepared to detect and respond to cyber threats. This executive order includes instructions designed to help standardize and streamline processes across the entire federal government, hopefully ensuring that all agencies are better equipped to protect themselves against cyberattacks.

How MorganFranklin Can Help

The new Executive Order is focused on improving the cybersecurity of the federal government. However, the government is already working to improve the cybersecurity of its contractors via the Cybersecurity Maturity Model Certification (CMMC). This means that it is likely that the standards and requirements created for federal agencies as the result of this EO will trickle down to private sector organizations and contractors as well. MorganFranklin is positioned to assist companies get a head start on this process by helping them develop a strong cybersecurity strategy based on industry standards, specific security frameworks, and best practices.

Talk to one of our cybersecurity experts