Now that the dust has settled a bit on the United States Executive Order on Improving the Nation’s Cybersecurity, I thought it would be good to circle back, read the details a second time, and sort out how and where Industry can help the U.S. Government in achieving the much-needed security improvements called out in this Executive Order. I do have to admit that having worked in the Government for decades and seeing multiple cyber-focused initiatives go by the wayside, I was initially a bit skeptical about the current initiative. That said, I think there are some key aspects of the initiative that are game changers and, if implemented correctly, could make a major difference in improving the security of Government networks.
First, the White House is assembling an all-star team to lead the initiative – Anne Neuberger as Deputy National Security Advisor for Cyber & Emerging Technology, Chris Inglis as National Cyber Director (confirmation pending), and Jen Easterly as the Director of CISA (confirmation pending) – all former NSA employees who deeply understand cyber and how to effect change within Government organizations.
Second, the Executive Order calls for a more comprehensive plan for cybersecurity that focuses on resolving the Government’s continued challenges around cyber hygiene, moving to active defense, and improving the Government’s incident response processes – a strategy that I wholeheartedly agree with and have written about in the past. This is clearly an area where the cybersecurity industry can assist the Government. Fidelis already supports a number of Federal customers today with enterprise risk management, active defense, Data Loss Prevention (DLP), Network Detection and Response (NDR), Endpoint Detection and Response (EDR), and deception solutions that are squarely focused on meeting the objectives of this Executive Order. Our recent acquisition of CloudPassage adds a whole new set of cloud security capabilities to Fidelis’ portfolio, and we are excited to be discussing these new capabilities with our existing customers.
Third, the Executive Order acknowledges the need to fundamentally change the architecture of Government systems through adoption of cloud services, streamlining and enhancing the Government’s cloud security approach, adoption of Zero Trust, widespread deployment of Endpoint Detection and Response (EDR) capabilities, centralizing collection and analysis of cybersecurity monitoring data, and centralizing threat hunting and incident response. These are all areas where Industry can help by providing FedRAMP-approved solutions, developing the necessary product integrations to support Zero Trust and multi-vendor Endpoint Detection and Response, adopting standards to support centralized monitoring and response, and providing Managed Detection and Response services.
In my mind, the centralization of cybersecurity functions is the biggest potential game changer in the Executive Order. It would help to standardize and level set the Government’s cybersecurity monitoring and response capabilities, enable independent assessment of each Department’s and Agency’s compliance with the Executive Order, and could help to address critical shortages of cyber expertise, particularly for high-demand, high-proficiency expertise like threat hunters, security analysts, and incident responders. The challenge here will be to rework existing cybersecurity authorities that currently place the authority and autonomy to protect and defend networks with individual Departments and Agencies. It will be interesting to see how this plays out.
Finally, the Executive Order includes new requirements for industry to improve the quality and security of software sold to the Government. Key to this is requiring vendors to deliver a Software Bill of Materials (SBOM) that provides the pedigree of all software components used within a vendor’s application or service. Recently the Open Source community threw their weight behind the Executive Order and committed to improving the supply chain security of open source software. This addresses one of the major challenges for industry in building an SBOM – assessing the pedigree of the open source solutions we integrate into our products and services.
Another positive trend over the past couple of months is that the U.S. Government seems to be taking a much more proactive role in investigating, tracking, and disrupting cyber-attacks and cyber criminals. This is a very positive step toward addressing the root causes of these attacks by identifying the criminals responsible for the attacks, tracking and blocking their funding sources, sanctioning the Governments that harbor these criminals, and ultimately bringing the criminals to justice. This article discusses the new emphasis the U.S. Department of Justice (DOJ) is placing on coordinating and tracking ransomware attacks, and the U.S. Federal Bureau of Investigation (FBI) has also been stepping up its efforts by actively blocking the spread of malware. With ransomware now being declared a national security threat, I would expect that there are many other government organizations, international partners, and Industry partners involved behind the scenes to make this a whole-of-Government activity. This is the kind of coordinated activity that is needed, and I’m glad to see the tide shifting in this direction.
Ultimately, the success of the effort will depend on two things:
- The administration making the necessary resources available (both people and dollars) to accomplish the required heavy lifting and
- Holding the Department and Agency heads accountable for complying with the Executive Order.
Government leadership, private sector partners like Fidelis, and the Government and Industry security professionals that will be doing the heavy lifting are all critical to the success of the initiative. Fidelis stands by to assist Federal Agencies where needed. Do not hesitate to reach out to us for assistance. If you’d like to learn more about how Fidelis enables government agencies to detect, hunt and respond to our nation’s most advanced threats, contact us here!