What You Need to Know About Cybersecurity Executive Order 14028

Posted on by Aiden Scholar

What You Need to Know About Cybersecurity Executive Order 14028

On May 12, 2021, the US President issued an Executive Order on Improving the Nation’s Cybersecurity. The order aims to enhance the cybersecurity posture of the federal government, critical infrastructure, and the private sector. To achieve this, the order directs federal agencies to adopt specific cybersecurity measures and encourages private sector entities to adopt similar practices.

What prompted the Executive Order?

The decision to issue the Executive Order followed a series of high-profile cyberattacks against US organizations, including the SolarWinds supply chain attack and the Colonial Pipeline ransomware attack. These attacks underscored the vulnerability of US systems to cyber threats and highlighted the need for government action.

The key provisions of the Executive Order

The Executive Order comprises several provisions that aim to improve the nation’s cybersecurity posture. Some of the key provisions include:

  • Multifactor Authentication (MFA): The order mandates the use of MFA for all federal agencies, with a timeline for implementation. MFA is a security measure that requires users to provide two or more credentials to access a system, adding an extra layer of protection against unauthorized access.
  • Cybersecurity Data Sharing: The order directs the establishment of a Cyber Safety Review Board to review and assess significant cyber incidents. It also requires federal agencies to share information about threats, incidents, and risks with each other and with private sector entities.
  • Endpoint Detection and Response (EDR): The order requires federal agencies to deploy and maintain EDR capabilities that allow them to detect and respond to cyber threats in real-time.
  • Cloud Security: The order directs the development of standards and best practices for cloud security and mandates the adoption of Zero Trust Architecture for all cloud services.

The impact on private sector entities

While the Executive Order focuses on improving the cybersecurity posture of the federal government, it also has implications for private sector entities. The order encourages the adoption of best practices and standards outlined in the order by private sector entities. The mandate for cybersecurity data sharing between federal agencies and private sector entities also highlights the importance of collaboration in combatting cyber threats.

Conclusion

The Executive Order on Improving the Nation’s Cybersecurity is a critical step towards enhancing the cybersecurity posture of the nation. By mandating specific cybersecurity measures for federal agencies and encouraging the adoption of best practices by private sector entities, the order aims to strengthen the nation’s resilience to cyber threats. The private sector should prepare to adopt similar practices to achieve the highest level of cybersecurity possible.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts