In recent years, the issue of cybersecurity has become
increasingly important as the world becomes more digitally interconnected. With
the pandemic accelerating the adoption of digital technologies, the need for
robust cybersecurity measures has never been more pressing. In response to
this, the Biden administration has introduced new rules on mandatory
cybersecurity. In this essay, I will outline these new rules and their
implications.
In September 2021, the Biden Administration released its
National Cybersecurity Strategy, outlining its plan to protect American
citizens, businesses, and government organizations from cyber attacks. The
strategy emphasizes the importance of collaboration between government, the private
sector, and international partners to improve cybersecurity practices and
protect critical infrastructure. In this essay, I will outline the key elements
of the strategy and discuss its potential impact.
At the micro level, the new rules are part of the Biden
administration's efforts to improve the cybersecurity posture of the United
States. The rules apply to federal agencies and their contractors and require
them to adhere to a set of cybersecurity standards. These standards are based
on the National Institute of Standards and Technology (NIST) Cybersecurity
Framework, which is widely regarded as the gold standard for cybersecurity.
The new rules come in the form of an executive order signed
by President Biden in May 2021. The order sets out a series of requirements
that federal agencies and their contractors must meet to improve their
cybersecurity. These requirements include:
The executive order also establishes a Cybersecurity Safety
Review Board, which will be responsible for reviewing and assessing significant
cybersecurity incidents affecting federal agencies and their contractors. The
board will consist of government and private sector experts and will provide
recommendations for improving cybersecurity.
At the macro level, the new rules have significant
implications for federal agencies and their contractors. For federal agencies,
the rules represent a significant shift in the way they approach cybersecurity.
In the past, many agencies have struggled to keep up with the ever-evolving
threat landscape. The new rules provide a clear framework for improving
cybersecurity and will help to ensure that federal agencies are better equipped
to protect sensitive information.
For contractors, the new rules mean that they must also
adhere to a set of cybersecurity standards. This is a significant departure
from previous practices, where contractors were often left to their own devices
when it came to cybersecurity. The new rules will help to ensure that
contractors are taking cybersecurity seriously and are implementing best
practices to protect the sensitive information they handle.
The new rules also have wider implications for the private
sector. The NIST Cybersecurity Framework on which the rules are based is widely
regarded as the gold standard for cybersecurity. By requiring federal agencies
and their contractors to adhere to this framework, the Biden administration is
setting a precedent for the private sector to follow. This is likely to lead to
an increase in demand for cybersecurity products and services, as companies
look to improve their cybersecurity posture in line with the new rules.
The National Cybersecurity Strategy is built on four
pillars: 1) defending U.S. networks, systems, and information; 2) strengthening
the security and resilience of critical infrastructure; 3) combating cybercrime
and improving law enforcement cooperation; and 4) promoting responsible
behavior in cyberspace. Each pillar includes a series of actions to be taken by
the government and private sector to improve cybersecurity.
The first pillar of the strategy focuses on the defense of
U.S. networks, systems, and information. This includes strengthening the
cybersecurity posture of federal agencies, improving the sharing of threat
intelligence between government and the private sector, and promoting the adoption
of best practices for cybersecurity. The strategy also includes a plan to
modernize and secure federal IT infrastructure, including the adoption of zero
trust architectures, multi-factor authentication, and encryption.
The second pillar of the strategy focuses on the security
and resilience of critical infrastructure. This includes working with industry
partners to identify and mitigate vulnerabilities in critical infrastructure,
promoting the adoption of best practices for securing industrial control
systems, and improving the sharing of threat intelligence related to critical
infrastructure. The strategy also includes a plan to establish a voluntary
framework for securing critical infrastructure, similar to the NIST Cybersecurity
Framework.
The third pillar of the strategy focuses on combating
cybercrime and improving law enforcement cooperation. This includes increasing
resources for investigating and prosecuting cybercrime, improving international
cooperation to combat cybercrime, and promoting the adoption of best practices
for law enforcement cooperation. The strategy also includes a plan to establish
a national cyber response and recovery fund to help victims of cybercrime
recover from attacks.
The fourth pillar of the strategy focuses on promoting
responsible behavior in cyberspace. This includes promoting the adoption of
international norms for responsible state behavior in cyberspace, promoting the
adoption of industry-led best practices for cybersecurity, and improving public
awareness of cybersecurity risks and best practices. The strategy also includes
a plan to establish a national cybersecurity workforce development program to
help address the shortage of cybersecurity professionals in the United States.
The National Cybersecurity Strategy has the potential to
have a significant impact on cybersecurity in the United States. By promoting
collaboration between government, the private sector, and international partners,
the strategy recognizes that cybersecurity is a shared responsibility. The
strategy's focus on critical infrastructure is particularly important, as cyber
attacks on critical infrastructure can have significant economic and national
security implications.
The strategy's emphasis on promoting responsible behavior in
cyberspace is also significant. Cybersecurity is not just a technical problem;
it is also a human problem. By promoting the adoption of industry-led best
practices and improving public awareness of cybersecurity risks and best
practices, the strategy recognizes the importance of human behavior in
improving cybersecurity.
The strategy's plan to modernize federal IT infrastructure
is also significant. Federal agencies have long been criticized for their
outdated IT systems, which are often vulnerable to cyber attacks. By adopting
modern cybersecurity practices, federal agencies can improve their
cybersecurity posture and reduce the risk of cyber attacks.
However, the success of the National Cybersecurity Strategy
will depend on its implementation. The strategy includes a series of actions to
be taken by the government and private sector, but it is not clear how these
actions will be prioritized or funded. Additionally, the strategy's success
will depend on the ability of government and private sector organizations to
work together to improve cybersecurity practices. This may be challenging, as
the private sector may be hesitant to share sensitive information with the
government.
The new rules, however, have not been without controversy.
Some have argued that the rules do not go far enough in addressing the
cybersecurity challenges facing the United States. For example, some have
called for the creation of a dedicated cybersecurity agency to oversee and
coordinate cybersecurity efforts across the federal government.