Executive Order 14028: Elevating National Cybersecurity
The White House's Call to Action for a Safer Digital Future
Setting New Benchmarks for Global Cybersecurity Standards
In an era of escalating digital threats, the White House's Executive Order on Improving the Nation’s Cybersecurity, issued in 2021, marks a pivotal step towards a more secure web. Now, as we witness the tangible effects of this directive, it is evident that elevating cybersecurity standards within the government can catalyze broader improvements across the tech industry.
We can no longer resign ourselves to believing that our data will never be secure. Instead, we must strive to make our software as secure as it is functional, ensuring compliance is a non-negotiable standard. This blog explores the significance of this executive order and the crucial role of the Cybersecurity and Infrastructure Security Agency (CISA) in fostering a safer digital future.
A Higher Standard for All
The executive order emphasizes that elevating cybersecurity standards within the government can mobilize broader improvements across the tech industry. By setting stringent security requirements for federal agencies, the order compels the private sector to adopt similar practices to remain competitive and compliant.
Key Provisions of the Executive Order
- Removing Barriers to Threat Information Sharing: The EO ensures IT service providers can share information with the government and requires them to disclose certain breach information.
- Modernizing and Implementing Stronger Cybersecurity Standards: The EO mandates secure cloud services, zero-trust architecture, and multifactor authentication and encryption deployment.
- Improving Software Supply Chain Security: Establishes baseline security standards for software sold to the government, including transparency in software development and public availability of security data.
- Establishing a Cyber Safety Review Board: This board, modeled after the National Transportation Safety Board, would analyze significant cyber incidents and recommend improvements.
- Creating a Standardized Playbook for Responding to Cybersecurity Incidents: A uniform response protocol for federal agencies to identify and mitigate threats effectively.
- Enhancing Detection of Cybersecurity Incidents: Implements a government-wide endpoint detection and response system.
- Improving Investigative and Remediation Capabilities: Establishes cybersecurity event log requirements for better detection and response.
CISA's Role in Enhancing Cybersecurity
The Cybersecurity and Infrastructure Security Agency (CISA) plays a pivotal role in implementing the executive order. CISA's initiatives include:
- Removing Barriers to Information Sharing: Collaborates with the Office of Management and Budget (OMB) to recommend contract language that facilitates critical data sharing and improved security measures.
- Modernizing Cybersecurity Standards: Supports federal efforts to secure cloud services, refine cloud security strategies, and drive the adoption of multifactor authentication and encryption.
- Improving Software Supply Chain Security: Assists the National Institute of Standards and Technology (NIST) in developing secure software standards and facilitating a national dialogue on software security.
- Establishing the Cyber Safety Review Board: Supports the board's establishment to review and recommend improvements following significant cyber incidents.
- Creating Standardized Playbooks: Develops playbooks for federal agencies to coordinate response actions and improve incident response efficiency.
- Enhancing Detection Capabilities: Works with agencies to provide additional insights for continuous diagnostics and mitigation programs, and implements persistent detection and response capabilities.
- Improving Investigative Capabilities: Supports OMB in developing policies for log management to enhance visibility and understanding of cybersecurity incidents.
Building a More Responsible Tech World
Achieving a secure digital environment requires a collective effort from all stakeholders in the tech ecosystem. Here are some actionable steps for software businesses to enhance their cybersecurity posture:
- Adopt Secure Development Practices
  - Implement secure coding standards and regular code reviews.
  - Use automated tools to identify and remediate vulnerabilities early in the development process.
- Prioritize End-of-Life (EOL) Software Management
  - Regularly update and patch software to mitigate vulnerabilities.
  - Develop and communicate a clear EOL policy to customers, ensuring they know potential risks and migration paths.
  - Partner with HeroDevs and our Never-Ending Support Initiative to offer customers an option to stay protected past the support period.
- Foster a Culture of Compliance
  - Train employees on cybersecurity best practices and compliance requirements.
  - Conduct regular audits to ensure adherence to security policies and standards.
- Engage with Cybersecurity Frameworks
  - Utilize frameworks like NIST, ISO/IEC 27001, and CIS Controls to guide your cybersecurity strategy.
  - Participate in industry forums and initiatives to stay updated on emerging threats and solutions.
Conclusion
The White House's Executive Order on Improving the Nation’s Cybersecurity represents a significant leap toward a more secure digital landscape. By adopting these higher standards and fostering a culture of compliance and responsibility, we can create a safer, more resilient tech world for future generations.
Ensuring that our software is both secure and functional is crucial to staying prepared for the evolving cyber threat landscape.