Cybersecurity Executive Order Observations

This article has been indexed from The Duo Blog

If you are an avid follower of current events in the infosecurity space, you will be aware of a number of recent high-profile cybersecurity events, particularly in the United States. These events dramatically impacted the operations of the federal government and critical services organizations, as well as private-sector companies that use the same software and services as the target groups. This, coupled with events earlier this year around certain monitoring solutions, has prompted the US government to take swift and decisive action on implementing proactive controls. As evidence of this, on May 12, President Biden signed a cybersecurity Executive Order (EO) aimed at improving efforts to “identify, deter, protect against, detect, and respond to these actions and actors.”

The order aims to improve federal security practices and threat intelligence sharing among federal agencies and the private sector, enhance software supply chain security, and improve federal security incident response. The requirements of the executive order will initially apply to federal government agencies and software suppliers to the federal government.

The rest of the private sector will be indirectly impacted when commonly used IT and security vendors adjust their products and services. While this influences and impacts agencies in North America, it isn’t a stretch to anticipate that we will see similar responses at a global scale. Security is quickly becoming a number one priority worldwide.

Cybersecurity Executive Order Observations

Some of the actions are required to occur in the next 30 to 60 days, which is lightning fast by federal government standards, and somewhat unprecedented. Some will occur in a year or more. The security industry will likely be discussing the impact of this Executive Order for years. 

Here are some preliminary observations:

  • It is good to see bold recommendations such as the Software Bill of Materials (SBOM), which have been circulating within cybersecurity policy areas for some time. Definitions such as “Critical Software

    […]