President Biden’s Cybersecurity Executive Order: What Could It Mean For Your Las Vegas Business?
On May 12, 2021, Executive Order 1402 was officially signed by President Joe Biden. This Executive Order was released in the wake of the Colonial Pipeline cyberattack and is intended to address some key challenges and limitations federal agencies and contractors are facing in the federal and defense sectors.
This Executive Order is anticipated to lead to significantly tighter cybersecurity rules for government contractors and introduce an Incident Review Board in an attempt to reduce the impact of major attacks.
What Does this Executive Order Actually Do?
The Executive Order will require federal contractors to immediately report cyber incidents to agencies, and the EO establishes a new government entity that is modeled after the National Transportation Safety Board, which investigates plane crashes and other transportation tragedies. The Executive Order will also require any software purchased by the government to meet a specific set of security standards, an effort to prevent tampering by malicious actors.
The Rising Cybersecurity Crisis
Recently, the U.S. has experienced two major cyber threats that ultimately undermined national security: the SolarWinds hack and the Colonial Pipeline ransomware attack.
SolarWinds is a Texas-based IT company providing cloud performance monitoring, cloud management, and network management tools that are used by some of the largest companies in the country, including Microsoft and Cisco. The attack on SolarWinds sparked numerous investigations by various agencies, and this ultimately led to the declaration that U.S. network defenses were not as secure as initially believed.
The Treasury and Commerce Departments, the Department of Homeland Security, and the State Department were all victims of the SolarWinds attack, as were other high-powered agencies. One would expect these agencies to have the high-level security protection they need to operate, yet they all fell victim to the attack. This serves as an example of how advanced and sophisticated cybercriminals have become.
In an attack that was not related to the SolarWinds attack, Colonial Pipeline, a pipeline system that supplies gasoline and other fuel throughout the Southeastern United States, was also the victim of a cyberattack. On May 7, 2021, Colonial Pipeline’s computer systems came under attack. The Colonial Pipeline attack led to panic buying and gas shortages across 12 states.
The cybercriminals demanded $5 million in ransom in exchange for restoring Colonial Pipeline’s services. This ransomware attack became the largest attack on oil infrastructure in the history of the United States. The payment of the $5 million sparked additional conversations on whether victims of cybercrime should pay the ransom.
These two attacks alone show that cyber threats are becoming increasingly sophisticated and that cybercriminals are going after some of the most critical infrastructures. Governmental, industrial, and commercial systems continue to use cloud technology, and with the list of vendors being limited, the risk of a devastating attack continues to increase across all industries.
President Biden’s Executive Order on Cybersecurity
To close this gap in the understanding of cybersecurity and America’s national infrastructure, the Executive Order targets several key areas:
Section 3: Modernize Federal Government Cybersecurity
The Federal Government needs to take steps to upgrade all cybersecurity strategies while being able to protect everyone’s privacy and civil liberties. Under this section of the EO, there is a call for the development of a plan to implement a Zero Trust Architecture for the federal government. This section of the Executive Order also calls for multi-factor authentication and encryption. These standards align with the standards of many Las Vegas businesses in the private sector. These standards can serve as a foundation for the businesses that are aiming to improve their cybersecurity measures.
Section 4: Enhancing Software Supply Chain Security
This section places a spotlight on the importance of commercial software. This includes more open security reporting for public review, innovating public/private relationships, and locking down on the risks associated with the utilization or purchase of software with vulnerabilities. To achieve this, various sectors and agencies will need to provide valuable input on current policies and future standards.
Section 5: Establishing a Cyber Safety Review Board
A Cyber Safety Review Board will be formed by the Department of Homeland Security and the Attorney General. This review board will analyze and evaluate cyberattacks to enhance incident response methods and cybersecurity. This review board will include members of the Defense and Security Departments, members of the corporate sector, and a host of government representatives. Moving forward, it will be interesting to see what impact the Cyber Safety Review Board will have on Las Vegas businesses when it comes to cybersecurity breaches. Depending on how the board will be used, businesses may be encouraged to create their own review board to assess their individual cybersecurity needs.
Section 8: Improve the Federal Government’s Investigative and Remediation Capabilities
This section of President Biden’s Executive Order emphasizes the need for the government to lead the way in terms of implementing and executing better detection and remediation efforts for government platforms. This will include expanding information sharing across different agencies to address cyber threats and incidents. Once these policies have been made public, more Las Vegas businesses should gain a better understanding of their own standards and if they correspond with the standards that have been outlined.
What Does The Executive Order Mean For Your Las Vegas Business?
Cybercrimes have become major threats to everyone, regardless of the industry or the size of the business. Some businesses have lost confidential information and the trust of their customers because of cybercrime. This is a problem President Biden’s EO aims to address. The EO intends to address this problem by establishing security standards across the board.
An improved security response approach built on solid Zero-Trust Authentication and other principles could be a major turning point in cybersecurity. However, this will require companies across all industries to adopt these standards and properly implement them. Agencies across the board will need to determine whether they have the finances and personnel to follow through on the Executive Order. Some agencies may need to create new regulations stemming from the EO, which will require consistent effort on all sides.
This will be a full process that could have a major impact on technology companies that partner with the federal government. For companies that work with federal clients, this Executive Order can have an impact on your security and compliance requirements.
It is important to partner with a team that can support the security implementation and other standards that your Las Vegas business will need today and in the future. Network Security Associates is highly experienced in the comings and goings of the technology environment and fully understands the steps that need to be taken to ensure your business and your sensitive data are protected.
Contact us today to find out how we can help you navigate through all the current and future changes in cybersecurity. Give us a call at (702) 547-9800 or email us at firstname.lastname@example.org. NSA is here to help.