Biden Signs EO To Improve Nation’s Cybersecurity

President Biden has signed an Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks, ushering in a massive shift for the U.S. government and its suppliers.

Here are some highlights of the new EO:

Focus on SBOM

The EO requires that products provide a software bill of materials (SBOM) so that organizations can manage risk by quickly determining which vulnerable software components are included in their products.

When researchers discover new vulnerabilities in open source or other software components, security teams can quickly re-scan SBOMs and determine which products have these components to make fixing them a priority.

The Secretary of Commerce will publish the minimum elements for an SBOM in the next 60 days.
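
The SBOM re-scan described above, as an added example (not code from the EO, the article, or any SBOM tool): it walks constructed CycloneDX-style SBOMs, including nested components, and reports which products contain a component named in an advisory. The product and component names, the advisory shape and the version range are hypothetical; versions are assumed to be dotted numerics, and anything else is flagged for manual review.

```python
import json

# Constructed SBOMs in a minimal CycloneDX-style JSON layout (sample data).
SBOMS = {
    "billing-portal": '{"bomFormat":"CycloneDX","components":['
        '{"name":"libexample","version":"2.4.1"},'
        '{"name":"bundle-demo","version":"1.0.0","components":['
        '{"name":"libexample","version":"2.6.0"}]}]}',
    "hr-app": '{"bomFormat":"CycloneDX","components":['
        '{"name":"libexample","version":"3.0.2"}]}',
    "legacy-agent": '{"bomFormat":"CycloneDX","components":['
        '{"name":"libexample","version":"2.x-custom"}]}',
}

# Hypothetical advisory: libexample is affected from 2.0.0 up to, not including, 2.6.0.
ADVISORY = {"name": "libexample", "introduced": "2.0.0", "fixed": "2.6.0"}

def parse_version(text):
    """Parse dotted numeric versions only; anything else returns None."""
    try:
        return tuple(int(part) for part in text.split("."))
    except ValueError:
        return None

def walk(components):
    """Yield every component, including nested (bundled) ones."""
    for comp in components:
        yield comp
        yield from walk(comp.get("components", []))

def scan(sboms, advisory):
    """Return {product: [(version, status), ...]} for products containing the component."""
    lo, hi = parse_version(advisory["introduced"]), parse_version(advisory["fixed"])
    findings = {}
    for product, raw in sboms.items():
        for comp in walk(json.loads(raw).get("components", [])):
            if comp.get("name") != advisory["name"]:
                continue
            ver = parse_version(comp.get("version", ""))
            if ver is None:
                status = "review"  # unparseable version: do not assume it is safe
            elif lo <= ver < hi:
                status = "affected"
            else:
                status = "not-affected"
            findings.setdefault(product, []).append((comp.get("version"), status))
    return findings

if __name__ == "__main__":
    for product, hits in scan(SBOMS, ADVISORY).items():
        print(product, hits)
```

Products whose hits include "affected" or "review" are the ones to prioritize for fixing or manual inspection.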

Supply Chain and Third-Party Risks

The EO includes the development of defined criteria to evaluate the safety practices of developers and suppliers and proposes a labeling system to identify those suppliers and products that have exceeded the baseline.

A Safety Board for Cybersecurity

The EO promises to improve information sharing in both the public and private sectors and to help organizations put in place adequate staffing, security technologies, and the processes that matter.

Now, with the creation of the Cybersecurity Safety Review Board, information on critical cyber incidents is being made available and shared across industries, along with key recommendations on how other organizations can avoid these threats.

Exchange of Information Between the Private and Public Sectors

The EO also focuses on information sharing between the government and the private sector, including standardized response playbooks, reporting standards, detection, investigation, response, and elimination.

Various agencies and cabinet positions were given deadlines to draft and publish the guidelines for the federal government and the private sector.

Flaws of the EO

In reality, most agencies and departments lack the budget, time, and staff to operate and implement these tools. This creates serious problems in implementing the new EO and will force many organizations and departments to simply buy more technology.

The current guidance, which has been published, relies heavily on being able to identify a bad actor through some type of anomaly detection with high effectiveness.

The guidelines of the National Institute of Standards and Technology (NIST) need to evolve and be grounded in reality so that they do justice to what organizations are actually implementing to achieve zero trust.

For more information, read the original story in TechRepublic.
