The Biden administration released Executive Order 14028, “Improving the Nation’s Cybersecurity,” to compel federal agencies and the private sector to respond effectively to ransomware attacks, like the recent attacks on Colonial Pipeline and JBS.
The Executive Order is an 18-page document with dozens of action steps defined. Each request in the Order has a fast turn-around time (30 to 60 days in many cases), and the Administration’s direction has the potential to significantly improve how the federal government secures networks and digital communications.
Here is what you need to know:
Onclave’s Perspective: What does this mean for business and government?
The President has now directed the Federal Government to adopt tougher cybersecurity standards, with Zero Trust, multi-factor authentication and cloud-based services as the cornerstones of these standards and policies.
NOTE: The Executive Order is one part of a coordinated approach. For example, the Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive that will enable DHS to better identify, protect against, and respond to threats to critical companies in the pipeline sector. Here is a link to that directive.
In addition to improving the overall cybersecurity of government networks, the contract provisions within this Executive Order are part of an effort to bring more accountability to private sector suppliers and government contractors for their network security. We have seen this focus in changes to FedRAMP, as well as in the Department of Defense's creation of the Cybersecurity Maturity Model Certification (CMMC).
Businesses need to reexamine their cybersecurity strategy and review the guidelines set in this Executive Order as well as the NIST Zero Trust Architecture. Within the foreseeable future, industry standards and insurance liability will reflect the newly raised bar for cybersecurity.
It is very possible that the standards laid out in the Executive Order will become the de facto standards for business within the next few years. A company that chooses not to adapt to these new realities will find that its ability to meet these standards affects its ability to work not only with Federal and state government agencies, but also with larger corporations.
Below is a table that illustrates how the Onclave TrustedPlatform™ maps to the Executive Order 14028 security requirements: