On May 12, U.S. President Joe Biden signed an executive order to strengthen the nation’s cybersecurity in the wake of the hacking of Colonial Pipeline, the largest pipeline network in the United States, which left the East Coast stranded.
The order, directed at the private sector, mandates the adoption of strict new standards for any cybersecurity tools purchased and implemented in the nation’s IT/OT infrastructure. Vendors that do not comply with these requirements within six months risk being excluded from government purchases of cybersecurity tools, which would result in financial losses to their businesses.
This order, which is divided into 11 sections, seeks to strengthen the cybersecurity posture of the national IT/OT infrastructure.
The following are the sections that make up the executive order:
- Policy: Government and private sector working together to promote a more secure cyberspace.
- Removing barriers to sharing threat information: removing contractual barriers and increasing information sharing about threats, incidents, and risks. Knowing an adversary’s Tactics, Techniques, and Procedures (TTPs) helps incident responders discover attacks that would otherwise have gone undetected and implement preventive measures.
- Modernizing government cybersecurity: investment to increase visibility across the entire infrastructure while protecting privacy and civil liberties.
- Enhancing software supply chain security: identifying standards, tools (existing or newly developed), and best practices for complying with the standards, procedures, or criteria for securing the software supply chain.
- Establishing a Cyber Security Review Board: reviewing and evaluating significant cyber incidents affecting information systems, including threat activity, vulnerabilities, mitigation activities, and responses.
- Standardizing the federal government’s Playbook for responding to cybersecurity vulnerabilities and incidents: standardized response processes aligned with frameworks that ensure more coordinated and centralized incident cataloging and progress tracking towards successful responses.
- Improving detection of cybersecurity vulnerabilities and incidents in federal government networks: implementing an endpoint detection and response initiative to support proactive detection of cybersecurity incidents within the infrastructure, performing active cyber hunting, containment and remediation, and incident response with appropriate tools and resources.
- Improving the federal government’s investigation and remediation capabilities: define procedures and tasks to automate the gathering, retention, protection, and management of network and system event logs.
- National security systems: protection of national security systems equivalent to or greater than the cybersecurity requirements defined in the strategy.
- Definitions: clarification of the technical terms used in each section.
- General provisions: following the nation’s information protection and infrastructure protection laws in force.
The constant challenge
The Colonial Pipeline attack and other events in recent weeks are unfortunate and demonstrate weaknesses in the current state of our cybersecurity. This is an excellent opportunity for those who understand the challenges to make a change and implement the cybersecurity capabilities needed to effectively protect and defend businesses and infrastructure from dangerous attacks. The technology is ready; we need to take the steps to protect our OT assets. The real challenge is changing people’s mindsets and the enterprise’s culture to embrace better cybersecurity and digital transformation.
“It’s time to revamp cybersecurity by adopting zero-trust architectures.”
Content written by:
Juan David Marin – Cybersecurity Advisory
Juan Manuel Munoz – Transformation Manager