Virtualization Technology News and Information
How Will Biden's Cybersecurity Executive Order Affect The Cloud?


By Shannon Flynn

In mid-May, following the ransomware attack on Colonial Pipeline, President Joe Biden signed an executive order intended to help protect the nation against cyber attacks.

The action follows a year of high-profile cyber attacks on private businesses and government agencies - including the Solar Winds breach, which led hackers to gain access to communications and data of several government agencies.

Defending Private and Public Networks Against Growing Cyber Threats

The order, officially named the "Executive Order on Improving the Nation's Cybersecurity," makes a few major changes intended to modernize government cybersecurity practices.

It's broken down into eight main sections, each covering a different area of improvement for federal cybersecurity practices:

  • Federal cybersecurity policy
  • Barriers to sharing threat information
  • Modernization of federal cybersecurity
  • Software supply chain security
  • The establishment of a "Cyber Safety Review Board"
  • A "standardized playbook" for respond to cybersecurity incidents
  • Improvement of threat hunting and an Endpoint Detection and Response initiative
  • New practices for threat logging and remediation

A ninth section lays out how systems involved in national security will be required to meet or exceed the standards outlined in the previous sections.

Specific requirements and changes outlined in the order include new standards on software used by government agencies. In the near future, agencies will need to upgrade to secure cloud services or adopt software with modern security features like encryption and multi-factor authentication.

Biden's order also takes steps to improve "software supply chain security," including by requiring developers to disclose certain security information publicly. It also makes changes to facilitate the sharing of cybersecurity information to and from government actors.

The action requires that IT service providers notify the government of breaches that could impact government networks. It also removes certain barriers that make sharing that kind of information more difficult. Similar changes in the order will help to streamline the sharing of cybersecurity information between federal departments as well.

The order applies to over 100 federal agencies and assigns a number of deadlines, ranging from 14 to 360 days, by which agencies must make certain changes to internal cybersecurity policy.

For example, within 60 days, agency heads must "update existing agency plans to prioritize resources for the adoption and use of cloud technology."

Biden's order is limited to products directly used by the government. The Biden administration was optimistic, however, that the government's purchasing power would encourage private sector businesses to make similar cybersecurity upgrades.

How The Order May Impact the Cloud

The executive order is a major move towards fulfilling cybersecurity recommendations from reports like the one released by the 2020 Cyberspace Solarium Commission. It's also likely to accelerate federal adoption of Zero Trust architecture and cloud services.

It's likely to help standardize cybersecurity practices across federal agencies, ensuring that the most effective pre-existing agency security practices become guidelines that other agencies can follow.

Cloud service providers that work directly with the government will be the most immediately impacted by the order.

The push to encourage private entities to share information about attacks with the government could require IT teams to think more about data sharing, interoperability and integration of different cybersecurity tools.

The order strongly encourages government agencies to make the move to the cloud, and requires that agency heads at least consider the transition.

The influence of the government also means that the order could have a major impact on the entire cloud ecosystem. Timur Kovalev, chief technology officer at Untangle, told Security Boulevard that he anticipates private organizations will follow the lead of government agencies, adopting practices in line with the guidelines set out in the order.

"By mandating newer security models such as zero-trust for federal agencies, the EO sets a precedent for businesses to follow," he said. "Having this in an EO from the highest government authority will give corporate leadership an example on which to base their zero-trust policies."

Biden's Executive Order May Make the Cloud More Secure

As cyber threats become more severe, and attacks like those that targeted Colonial Pipeline become more common, cybersecurity standards will become even more important for cloud security. Moves from the federal government, like this executive order, could be essential in encouraging secure use of the cloud.

While businesses in the private sector won't be required to follow the new policies, the example that the government sets may encourage the adoption of new cloud security practices - helping to create a more secure cloud ecosystem.

As a result, the order is likely good news for cloud service providers and cloud security professionals across the economy. Organizations may increasingly look to these professionals and service providers for support in integrating and operating cloud security services.


About the Author

Shannon Flynn 

Shannon Flynn is a tech writer who covers topics like cloud computing, business technology, and data. You can find her work on Hackernoon, Cybint Solutions, Irish Tech News, and Visit ReHack for other trending tech topics covered by Shannon. 
Published Wednesday, June 16, 2021 7:33 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<June 2021>