Over the last year, we’ve seen a series of dramatic cyber-attacks on U.S. soil. Just three of these paint a picture of increasing risk and increasing consequences:
- The massive SolarWinds breach
- The public water system attack in Tampa, Florida
- The Colonial Pipeline ransomware attack
With global cybercrime costs reaching nearly $1 trillion in 2020 according to the Center for Strategic and International Studies, and average ransomware payments now well over $300,000 according to Palo Alto Networks, the threat level both globally and within the United States is clearly increasing.
The costs of this alarming increase were brought home by the Colonial Pipeline attack in particular, which has led United States President Joe Biden to issue a groundbreaking executive order that lays the foundation for new cybersecurity best practices, increased communication between federal and private sectors, and new standards around cybersecurity incident handling.
Details About the Order
Among other things, the executive order recommends that United States organizations:
- Remove barriers to threat information between government and the private sector. By removing information-sharing barriers and requiring organizations to reveal certain breach information, the federal government will be able to create effective defenses and improve the nation’s cybersecurity posture.
- Modernize and implement stronger cybersecurity standards in the federal government. By mandating that the federal government adopt best practices, such as employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multi-factor authentication and encryption, the government enforces these best practices, avoiding further compromise.
- Improve software supply chain security. By creating an “energy-star” type label, organizations will find it easier to choose software that has been developed securely. Using software that meets these guidelines will ensure a baseline of security standards for software sold to the government. Too many current products contain critical vulnerabilities. Ensuring that software buyers have greater visibility into software quality will ensure higher-caliber solutions prevail.
- Establish a cybersecurity safety review board. By creating a cybersecurity safety review board, representatives from both government and the private sector can convene to analyze what happened and make concrete recommendations following a major incident.
- Create a standard playbook for responding to cyber incidents. By creating a standard response playbook, organizations will not have to scramble to act after an incident occurs. This playbook will standardize industry response as well as create uniformity in federal agencies, acting as a template for those in the private sector.
- Improve detection of cybersecurity incidents on federal government networks. By improving the ability to detect malicious cyber activity on federal networks with a government-wide endpoint detection and response system and improved information sharing, the government will have more visibility and be able to catch incidents sooner.
- Improve investigative and remediation capabilities. By creating event log requirements for federal departments and agencies, organizations will be able to detect intrusions, mitigate those in progress, and determine the extent of the incident after the fact.
Learn More
From our perspective at Plurilock™, items concerning the adoption of industry terms and frameworks like NIST’s Zero Trust Architecture, the accelerated movement to secured cloud services, and the consistent deployment of foundational security tools such as multi-factor authentication are particularly interesting—and a long time in coming.
For more on these topics, we encourage you to download our guide on Plurilock and NIST 800-207 Zero Trust, our 2020 authentication guide, and our recent expert panel discussion on securing utilities and critical infrastructure.