In a bold, unprecedented move, the president has signed a new executive order on cybersecurity. This timely response to the cyber attack on a vital petroleum pipeline is a welcome step toward protecting businesses, utility providers, and infrastructure from malicious governments worldwide.
The list of subsections indicates a carefully planned and constructed approach to developing a national position of cyber defense. Please have a look at the subsections listed below:
Executive Order on Improving the Nation’s Cybersecurity
MAY 12, 2021 • PRESIDENTIAL ACTIONS
Removing Barriers to Sharing Threat Information.
Modernizing Federal Government Cybersecurity.
Enhancing Software Supply Chain Security.
Establishing a Cyber Safety Review Board.
Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents.
Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks.
Improving the Federal Government’s Investigative and Remediation Capabilities.
National Security Systems.
Definitions. For purposes of this order:
The executive order appears to be in line with the new Department of Defense requirements for its supply chain. It also aligns with the international standard for information security, ISO 27001:2013.
Some of the immediate similarities with CMMC and information security management systems (ISMS) are in Section 4 of the executive order, with its need for a software supply chain security protocol. An information security management system requires control over external resource partners in the supply chain. Section 7 of the executive order, which covers improving the detection of cybersecurity vulnerabilities, similarly corresponds to ISMS requirements in the annex controls for vulnerability, penetration testing, and compliance.
Section 7 also addresses incidents on federal government networks. This is a vital theme of the information security management standards, which cover identifying incidents, capturing information about them, investigating them, and resolving them, whether they are information security management problems or anomalies.
I applaud our United States president for taking this bold move, and I hope that Section 5 establishes a cyber safety review board that sees the benefits of the international standards that already exist and one that will embrace newly implemented or revised standards to stave off those with malicious intent.
The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid. The scope of protection and security must include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT)).