What will President Biden’s Executive Order on improving the nation’s cybersecurity accomplish?
A proactive security posture strategy is needed.
By Skybox Security AUG 17, 2021
This blog is an excerpt of our deep dive perspective on the public and private sector implications stemming from this federal directive.
At first blush, President Biden’s executive order on national cybersecurity (1) may appear to be timely – a direct response to a series of crippling ransomware attacks on critical U.S. infrastructure. As the world attempted to recover from a devastating pandemic, hackers successfully targeted hospitals, then daily necessities such as food, water, and energy supplies, causing panic and disruptions. Immediate federal government action to address these and future threats is certainly necessary.
Unfortunately, the executive order is neither perfectly timed nor a comprehensive enough response to one of the most serious national security challenges of our time. The cybersecurity industry has been sounding the alarm bells on ransomware threats for years. Concerns were on the rise well before the pandemic, as organizations began accelerating latent digital transformations and expanding access to insecure operational technology (OT) assets. However, since the pandemic, this has been further compounded by the massive expansion of cloud migrations and meteoric rise in VPN deployments, opening up exponential numbers of new entry points for cyberattacks. There were consequences: Digitizing without adequate OT/IT security enabled hackers in Russia, North Korea, and Iran to seize control of key American businesses without even setting foot on U.S. soil – attacks that could have been prevented.
Read our perspective on Biden’s executive order and the implications for security transformation.
- Developing a long-term framework for preventative security posture management
- Creating a modern digital infrastructure based on principles of zero trust
- Identifying security weaknesses, rather than deploying patchwork solutions
- Supercharging intelligence sharing to fuel proactive and informed decisions
- Incentivizing proactive cybersecurity to make rapid, substantial progress
The first step toward a new future
We’re just several months past the Biden Administration’s Executive Order, and the future impacts and adoption of suggested measures are not yet clear. Nevertheless, the order signals a bold and critical first step in a long-term journey to improve the cybersecurity posture of both the United States and its industries. As one senior administration official put it, the executive order “makes a down payment towards modernizing our cyber defenses and safeguarding many of the services on which we rely…It reflects a fundamental shift in our mindset – from incident response to prevention, from talking about security to doing security.” (24)
The high-profile incidents of the past several months have belatedly crystallized cybersecurity’s central role in U.S. national security and economic prosperity. President Biden’s administration has taken a significant step in the right direction, but plenty of work still remains. From private sector incentives, to a holistic focus on risk exposure, to automated solutions and beyond, the public and private sectors must advance together following the executive order, then continue marching in tandem to ensure a robust and cohesive approach to cybersecurity preparedness.
The 90-day deadline has passed
The three-month deadline mandated in this executive order is not realistic. Many federal agencies are just beginning to grasp the magnitude of what is required to comply. Additionally, major gaps in the order must be addressed in order to manage cyber exposure at scale. Furthermore, private sector organizations were all but ignored. This is problematic due to the increasingly pervasive threats to critical infrastructure companies that are prime attack targets of nation-state actors.
At Skybox Security, we believe that context and intelligence are crucial to fortifying our nation’s cybersecurity programs. Skybox works with public and private sector organizations alike to develop stronger security efficacy through creating mature, consistent security posture management programs. Skybox is the only platform that gives teams the ability to collectively visualize and analyze hybrid and multi-cloud networks, providing a full picture of their attack surface.
This allows public and private sector organizations to get ahead of the security incident by looking for vulnerabilities in the same way attackers do. They can zero in on the vulnerabilities with the highest risk score, walk the path of a potential breach and understand if vulnerabilities are exploitable and exposed - all while determining the optimal remediation strategy.
(24) Brad D. Williams, “Biden Orders Fed Cybersecurity Boost; Targets Prevention, Reporting,” Breaking Defense, May 12, 2021.