
United States announces Executive Order on improving the Nation’s Cybersecurity

This week, President of the United States, Joe Biden, announced an executive order aiming to boost resilience and reduce the country's vulnerability to cyberattacks.

In the official briefing call, a senior administration official stated that ‘this executive order is about taking the steps necessary to prevent cyber intrusions from happening in the first place and second, ensuring we're well positioned to respond rapidly to address incidents when they do occur.’

Here, Jennifer Fernick, NCC Group’s Global Head of Research, shares her thoughts on what it covers and how it will help boost cyber security.

A powerful and actionable mandate to meaningfully improve cyber-resilience

Not only does it incorporate some of the most important defensive tools we have (multi-factor authentication, encryption of data in transit and at rest, effective logging & monitoring, designing zero-trust architectures), it also clearly addresses software supply chain risk through a range of measures – including secure development practices and independent software build verification, attestations of code provenance, working to mitigate the risk of vulnerabilities in transitive dependencies, as well as the use of code review tools, static and dynamic analysis, software composition tools, and penetration testing to both remediate known vulnerabilities, and proactively identify as many novel (zero-day) vulnerabilities as possible.

It does not make the mistake of presuming that these defensive measures will always protect us

It specifically requires vulnerability disclosure programs, threat intelligence information-sharing, and incident response playbooks, to make it easier and safer for security researchers to help software vendors know about and fix security vulnerabilities in their software, as well as for organizations’ cyber-defense teams to share information with one another about emerging threats, and to have playbooks ready to respond when cyberattacks inevitably occur.

A powerful change to the entire tech ecosystem

The fact that this requirement applies to anyone wishing to sell technology services to the US federal government raises the bar for technology providers to improve the security of both their products/services, as well as of their internal operations, which has a downstream beneficial effect to all their customers, including those outside the federal government. Indirectly, this helps improve the security of private-sector critical infrastructure, and American (and global) business, writ large.

Explicit acknowledgement of real-world harms

This Executive Order also explicitly acknowledges the real-world harms that can come about from malicious behavior targeted at internet-connected physical systems (Operational Technology) as we’ve seen most recently in the Colonial Pipeline incident.

By considering the industrial internet and industrial control systems in scope for these protections, the government is explicitly seeking to mitigate against the many dangers that come from connecting everything in our lives – smart homes, medical devices, self-driving cars, utility grids and beyond – to the fragile Internet, which was definitely never designed to be secure, and yet whose security is a prerequisite to safety, stability, privacy, and resilience.



Press contacts

Regional Press Office - North America

Press contact +1 408 776 1400

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom