On May 12th, the President of the USA, Joe Biden, signed an Executive Order (EO) that would bolster the cyber defences of the USA. The EO is intended to protect against “increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.”

An EO is a written, signed, and published directive from the President that manages operations of the federal government, and although some EO’s require legislative approval, they effectively become law. It comes on the back of several high profile incidents involving Microsoft (Exchange), SolarWinds and the recent Colonial Pipeline incident. It is seen as a much-needed step to modernise and protect federal networks and improve information sharing between the private and US government.

The EO covers a range of topics, and not only are the UK Government considering something similar, but I believe these are key initiatives that we all should carefully consider and implement appropriately. 

Policy

When implementing Information security in the private or public sector, I believe it’s essential to set out your policy. Almost straight out of the gate, the EO from President Biden states that Cybersecurity requires more than government action and calls for a more collaborative approach (from the Private sector) in helping to protect the US from malicious attacks. This call for collaboration is critical. It demonstrates that the US recognises the importance of the private sector and its ability to adapt to the continuously changing threat environment and ensure its products are built and operate securely. 

It states that ‘Incremental improvements will not give [us] the security’ needed, which by inference means the White House recognises that change needs to happen and it needs to happen now. The Federal Government needs to lead by example if the Private (Read more...)