Have you ever had your details compromised online? These cyber-attacks are on the rise in the wake of Russia's invasion of Ukraine.
While the federal government has responded to these threats with new legislation, it's up to individual agencies and their employees to implement these protocols via a Cybersecurity Executive Order.
So what are these cybersecurity protocols that it suggests? And how should you respond to them? Keep reading to find out more.
This EO is a step in the right direction. It establishes a baseline of cybersecurity standards for Federal agencies.
Cybersecurity professionals should be able to identify and mitigate threats. Every layer of an organization's IT infrastructure.
The best response to a breach is prevention through multiple layers of security controls. Be sure to implement these before an attack occurs.
This Executive Order requires Federal agencies to implement basic cybersecurity measures such as :
All of this is now mandatory. Federal agencies will fine those that don't do this.
EO 14028-is named Improving the Nation's Cybersecurity. It is an important step in establishing a baseline of cybersecurity standards for Federal agencies.
This EO establishes a framework to protect Federal IT networks. This includes those outside of agency control. Examples include contractors and non-profit organizations. As well as those that receive certain types of funding.
It also calls on agencies to identify risks, and prioritize efforts based on risk management principles. As well as to improve information sharing with owners/operators of critical infrastructure. They must also promote awareness and training among employees.
Governments should prioritize those who have access to sensitive information. Or those with access to systems at risk from cyberattacks (such as contractors).
Furthermore, they must improve incident response capabilities. This includes across all levels within an organization. The EO develops strategies for defending against adversarial actors. Especially those attempting malicious activity against government IT networks.
EO 14028 is an extension of the May 2019 Executive Order (EO) 13800. This is "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure."
That first EO established a detailed program requiring federal agencies to implement five key cybersecurity initiatives. These are:
All federal agencies must monitor their network traffic to identify and analyze suspicious activity. They must then take appropriate actions in response.
The idea is that cybersecurity is not reactionary but a continuous process. This way you can nip potential pitfalls in the bud.
All federal agencies must perform regular checks for known vulnerabilities in their networks. They must scan for indicators that could indicate unauthorized access attempts or exploitable weaknesses.
If you detect any vulnerabilities, it is important to resolve them within 90 days. That is unless mitigating conditions apply that justify a longer period.
All federal agencies must develop policies for identifying, assessing, and managing cyber risks. They must prioritize resources. They must also take appropriate measures to reduce risk to acceptable levels.
Furthermore, they should routinely report on performance against these plans. Finally, they must document compliance with relevant laws or executive orders.
Identifying and authenticating users is a critical part of managing identity, access, and authentication (IAM).
IAM is the process of granting and controlling access to systems and information. This is based on a user's identity. It's also a key component of the NIST Cybersecurity Framework.
An example: when you log into Facebook, your account allows you to post status updates. These include "like" posts from friends or family members.
How can you securely use these functions? One that doesn't compromise your privacy or data security needs? Facebook must first verify that the person logging into their platform is actually who they say they are.
This process involves two steps. The first is identification (verifying someone’s identity). Secondly, authentication. This is verifying someone has approval for using their account.
To detect and respond to security events and incidents, you will need the ability to monitor the organization's information systems for events that may indicate a malicious attack or breach. You will also need the ability to detect and respond to potential threats promptly.
The goal is to be able to detect and respond to security events and incidents across the entire organization promptly.
The Executive Order requires agencies to implement a risk-based approach. This approach protects the confidentiality, integrity, and availability of data and systems.
This means that you need to identify your sensitive information assets within the agency. Those would be things like trade secrets or classified documents. And then protect them in such a way that makes sense for each type of asset.
You also need to consider where your store sensitive information. Whether it’s in paper form or electronic form. How many copies exist? Who has access to those copies? How long does it stay around? Finally, you need to ask whether you retain backups for five years or longer); etc.
It’s not always easy to tell the difference between an incident and a potential incident. Here are some examples of potential incidents.
Your security operations center (SOC) detects malicious activity on one of your servers. But you can’t confirm whether this is a false alarm or a real attack.
You read a news article about how hackers broke into another company that is similar to yours.
You should log these incidents for further investigation. However, you don't need to suspend your operations. This could have a detrimental effect on your department when the chances of there is a major issue.
Biden issued Executive Order 14028 in December 2021. It further extends the May 2019 Executive Order (EO) 13800. It centers around "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure."
That EO establishes a detailed program. It requires federal agencies to implement five key cybersecurity initiatives:
How did we get here? In May 2019 the White House released Executive Order 13800. This required cyber officials within each federal agency to implement five key cybersecurity initiatives.
The first four were mandated by that document. Improved monitoring of security controls across the entire system lifecycle. This is including vendor management. It also includes certification of compliance with cybersecurity standards for each acquisition category (e.g., personal identity verification).
Furthermore, it includes contractor-delivered services which must meet baseline requirements. These include data protection and third-party risk assessment; and automated vulnerability scanning tools. All of this is designed to mitigate the true cost of a cybersecurity breach.
In response to recent cyber incidents across the federal government, the White House issued a new executive order (EO) on January 8, 2021.
EO 14028 was titled Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. It takes an important step in establishing a baseline of minimum cybersecurity standards for Federal agencies. It also establishes a framework by which citizens' data can be protected from malicious activity by nation-state actors.
These four key initiatives established by EO 13800 are still required:
There is also an incident Response Plan. This is designed to create and maintain an incident response plan. This includes strategies for serious attacks that threaten to take the whole Federal government offline.
For government agencies, the Executive Order mandates that cybersecurity programs be based on a risk management framework. This means that agencies must identify assets and capabilities they want to protect.
Then they must prioritize them. After that, they can create policies and procedures that reflect this prioritization.
Agencies are also required to have a continuous monitoring capability. They can detect cyber incidents as soon as possible.
This is whether from outside attackers or internal sources. These may have been compromised by malware. For an agency's response efforts to be effective, these detection tools must be integrated into its incident response plan (IRP).
Agencies are also required to have plans for responding to cyber threats from both internal sources and external actors. This includes developing strategies for defending against such threats before they occur such as:
Respond quickly if critical information is compromised during an attack. Containing damage caused by an attack. This includes data loss.
This can be done by limiting exposure through encryption techniques where possible while maintaining usability at all times.
The order requires “any organization operating critical infrastructure” to implement cybersecurity measures. These include protecting their networks and data. Key components to remember:
Essentially, what it means is that there is an onus on federal agencies to implement round-the-clock security. There is a duty of care that centers around preventive measures rather than reactionary measures.
This is important as more and more of our world relies on online and cloud bases businesses, especially in a post-pandemic world.
Don't be alarmed if you're a cybersecurity professional wondering how to implement these new measures. Follow these steps to avoid burnout.
To respond to a cybersecurity incident, you'll need to:
Once you've taken these steps, monitor and evaluate your response over time. You can then re-evaluate it if circumstances change. This is a process known as continuous monitoring.
Cybersecurity is an ongoing process. Once you're aware of an incident, take the first step. Identify the threat. Take a moment to pause and identify what happened. This will help you understand what's going on. You can then figure out how best to respond.
Now that you've identified the threat, take stock of what's at stake. Understand what steps are needed to protect yourself from further damage. Finally, consider hiring a professional to help with your response.
You've identified the threat, determined the risk, and figured out how to respond. Now it's time to implement your response.
A good response will take into account all of the information you've gathered. It should include which steps are needed to protect yourself from further damage
By now, most people know about the cybersecurity executive order that Trump signed in May 2016.
It calls for a federal agency to develop a plan to protect America's critical infrastructure from cyber-attacks. The issue has drawn bipartisan support in Congress. It was endorsed by both Hillary Clinton and Donald Trump during their campaigns for president in 2016.
It increases the nation's cybersecurity and that helps keep the world safe.
For more on the latest trends in cybersecurity, be sure to sign up for our newsletter.