The Cybersecurity Executive Order: How to Make White House Goals a Reality

Written by: TechSource Editor on Jun 05 2017

By Rob Chee, Iron Bow Technologies

The White House recently signed the long-awaited cybersecurity executive order (EO), emphasizing the importance the administration is putting on managing cyber risk across government. This EO is a step in the right direction as it places a level of accountability on federal agencies to protect critical data through IT modernization, better cyber hygiene and more.

The administration put agencies in charge of their own security and has used the National Institute of Standards and Technology (NIST) Cybersecurity Framework as a guide for mitigating risk. This gives CIOs and CISOs a high-level of responsibility, but also provides them with a path to implement standards, guidelines and best practices.

A trickle-down movement dictates almost all federal action. Now that the White House is robustly supporting better cybersecurity for government, it is more likely that agencies will heed recommendations that they hadn’t before. The cybersecurity EO covers a lot of ground, but below I’ll touch on a few focus areas and offer next steps in addressing cybersecurity issues.

Protecting federal networks through enhanced risk management

As cyber risks rapidly evolve, agencies must regroup and focus on protecting data from the perimeter through the network, and at the endpoint. Network visibility is key to this effort. In many cases this is just a matter of enabling features that are already in place and feeding the valuable raw information into network visibility tools, focused on cybersecurity. This allows agencies to recognize suspicious behaviors and prevent the same issue or breach from occurring more than once. Agencies can also garner a great deal of insight that can be leveraged in future cyber action.

Visibility is an important first step to taking a better security stance in the federal government, but the information it provides must also be displayed in a meaningful way for maximum usefulness. With technology advancements including faster rendering and enhanced user experience, agencies can easily pivot from a high-level view down to a granular take on issues, allowing for a dramatic reduction in analysis time.

Protecting critical infrastructure through IT modernization

NIST’s Cybersecurity Framework offers a seasoned foundation for agencies to base their security stance. As agencies put the recently updated framework in place, more concrete steps must also be taken. Legacy IT is a major risk to federal cybersecurity, but while modernization is necessary to protecting mission-critical data, it is also very costly.

With efforts like the Modernizing Government Technology Act, currently being reviewed by the Senate, hopefully cost will be less of an issue in the future. However, in the meantime, agencies have been given 90 days to provide the Department of Homeland Security and Office of Management and Budget with a report outlining details of the risk the agency has decided to accept and not accept, its strategic, operational and budgetary considerations and a plan to implement NIST framework.

This planning is key to cybersecurity success. Rather than having a knee-jerk response to the EO by immediately buying IT without consideration, agencies must take this opportunity to use the provided framework to identify security solutions that are part of a short-term roadmap to remove high priority security gaps and a long-term roadmap to develop processes that work together to allow for operational efficiencies. By investing in areas of cybersecurity and modernization that match needed security capabilities that are operationally feasible, agencies will later be able to ensure that security solutions operate at their optimum capability. Feds must look at their cybersecurity plan from both a capital and operational expenditure perspective, understanding the resources their future investments will require, before making rash decisions.

Moving to shared services through cloud migration

The cybersecurity EO hopes for increased information sharing both within agencies and between government and industry. This shared information can provide broader threat intelligence to combat potential attacks. Also known as indicators of compromise, this shared information combines multiple factors and can be added as additional threat indicators in security solutions for many organizations.

In this situation, a move to cloud is a move in the right direction. Though there is still hesitance to migrate federal data to the cloud, the efficiencies of moving services to the cloud are becoming more advantageous. This reality is coming closer as new security controls are being implemented in the cloud and telemetry from many sources can be more easily correlated and investigated for patterns related to potential threats. While information sharing of meta data is a critical to threat intelligence, it is also important to protect the individual organization’s data within the cloud. This concern is being addressed with innovations around cloud encryption and Cloud Access Security Broker (CASB) to control access within the cloud. These cloud security innovations and the EO’s cloud emphasis will likely spur movement in this direction, allowing agencies to more easily share information and improve government cybersecurity as a whole.

It is great to see those at the center of our government, despite party lines, acknowledge the importance of cybersecurity, especially as attacks become more sophisticated and frequent. We at Iron Bow are looking forward to seeing the effects of the executive order on government’s cyber stance, and hope to contribute to the goals the White House has set for agencies through our analysis, technology and service offerings.

To learn more about how Iron Bow can help your agency better meet the cyber expectations of the administration, visit: https://www.ironbow.com/solutions_serv/cyber-security

 

 



Related Post

Tags: > > > > > > > > > > >

Posted by TechSource Editor on 05 Jun 2017 in : Cyber Security, No Comments on The Cybersecurity Executive Order: How to Make White House Goals a Reality

LEAVE A REPLY

  • Subscribe

  • Iron Bow Healthcare Solutions
  • Software-defined networking is helping federal agencies overcome big challenges. Find out how your agency can reduce operating costs, enhance security capabilities and reduce risks. Watch the video to learn more.

  • Categories

  • Resources

  • Follow Us

    Iron_BowIron Bow
    @Iron_Bow:
    Apple’s latest foray into the enterprise involves deeper integration with Cisco #TechNews https://t.co/cxiM6eWppd
    16 months ago
    Iron_BowIron Bow
    @Iron_Bow:
    10 Predictions for the Future of #IoT https://t.co/x4K4hFN0b7
    16 months ago
    Iron_BowIron Bow
    @Iron_Bow:
    Army network modernization drives security, bandwidth improvements #Army #DoD https://t.co/J7G8MLG8ad
    16 months ago
    Iron_BowIron Bow
    @Iron_Bow:
    Defense Digital Service looks to overhaul travel system #Defense https://t.co/ika034x9kl
    16 months ago
  • Archives

  • Iron Bow Healthcare Solutions