Biden Signs EO To Improve Nation’s Cybersecurity

Share post:

President Biden has signed an Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks, ushering in a massive shift for the U.S. government and its suppliers.

Here are some highlights of the new EO:

Focus on SBOM

The EO requires that products provide a software bill of materials (SBOM) to aid organizations in managing risk as they can quickly determine which vulnerable software components are included in their products.

When researchers discover new vulnerabilities in open source or other software components, security teams can quickly re-scan SBOMs and determine which products have these components to make fixing them a priority.

The Secretary of Commerce will publish the minimum elements for an SBOM in the next 60 days.

Supply Chain and Third-Party Risks

The EO includes the development of defined criteria to evaluate the safety practices of developers and suppliers and proposes a labeling system to identify those suppliers and products that have exceeded the baseline.

A Safety Board for Cybersecurity

The promises are to improve information sharing in both the public and private sectors and help organizations put in place adequate staffing, security technologies, and processes that matter.

Now, with the creation of the Cybersecurity Safety Review Board, information on critical cyber incidents is being made available and shared across industries, along with key recommendations on how another organization can avoid these threats.

Exchange of information between the Private and Public Sector

The EO also focuses on information sharing between the government and the private sector, including standardized response playbooks, reporting standards, detection, investigation, response, and elimination.

Various agencies and cabinet positions were given deadlines to draft and publish the guidelines for the federal government and the private sector.

FLAWS OF THE EO

In reality, most agencies and departments lack the budget, time, and staff to operate and implement these tools, which creates serious problems in implementing the new EO, leading to the truth that this will force many organizations and departments to simply buy more technology.

The current guidance, which has been published, relies heavily on being able to identify a bad actor through some type of anomaly detection with high effectiveness.

The guidelines of the National Institute of Standards and Technology (NIST) need to evolve and be based on reality in order to do justice to what organizations are actually implementing in order to gain zero trusts.

For more information, read the original story in Tech Republic.

SUBSCRIBE NOW

Related articles

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Former OpenAI employee alleges plan for AGI bidding war

In a recent interview, former OpenAI safety researcher Leopold Aschenbrenner made startling claims about his ex-employer's strategy regarding...

Malicious code in millions of installs traced to Microsoft Visual Studio

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace,...

Cyber Security Today, June 10, 2024 – Microsoft backs down on Recall

Microsoft backs down on Recall. Welcome to Cyber Security Today. It's Monday, June 10th, 2024. I'm Howard Solomon, contributing...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways