The Biden Administration published a new executive order (EO) to strengthen the digital security of U.S. federal government networks.

Published on May 12 by The White House, the executive order covered much of what many media outlets reported would appear in the draft.

This included the issue of supply chain security. For example, the EO stated that the U.S. federal government will begin requiring developers to make security data about their tools publicly available. It also said that the U.S. government will begin leveraging its purchasing power to incentivize the market to develop more secure software solutions going forward.

Tim Erlin, VP of product management & strategy at Tripwire, recognizes the potential impact that this last measure could end up having on the private sector:

“In many ways, the Federal Government’s most powerful tool for influencing the private sector is its own purchasing power. By including cybersecurity requirements in purchasing contracts, the Government can influence a wide swath of the private sector.”

The executive order didn’t disappoint in other areas, either. As foretold by earlier reports, the directive included a section on removing barriers that would prevent Information Technology (IT) and Operational Technology (OT) service providers from sharing information about digital attacks with executive departments such as the FBI.

It also mandated the creation of a Cybersecurity Safety Review Board. This new organization will function similarly to the Transportation Safety Review Board in that it will analyze successful digital attacks, identify the root causes of those incidents and provide recommendations to federal agencies going forward.

Some of the EO’s provisions weren’t previously reported, however. Citing the presence of out-of-date security models and unprotected information on federal networks, for instance, the executive order emphasized the importance of government entities using foundational controls such as multi-factor