Late last week, the Biden Administration issued an executive order to strengthen the country’s cybersecurity infrastructure and oversight in light of recent events, including the Colonial Pipeline ransomware attack and last fall’s SolarWinds cybersecurity breach. Both events called attention to potential vulnerabilities among software offerings delivered by cloud services providers, though the order’s impact and reach extend to other areas of critical infrastructure protection, including the banking system.
Among the order’s key provisions are directives that impact governance service providers. The provisions are meant to enhance existing standards that must be met under the U.S. government’s FedRAMP program, including the following:
- Improving the preservation of, and reporting on, information related to cybersecurity breaches, and removing barriers to sharing that information across government agencies (e.g., the FBI, the Intelligence Community, and the Cybersecurity and Infrastructure Security Agency (CISA))
- Modernizing cybersecurity within government, including the use of multi-factor authentication and the development of plans to implement a Zero Trust Architecture (essentially, “never trust, always verify”)
- Improving software supply chain security, entailing the use of encryption and enhanced monitoring of software development environments (the vulnerabilities of which were highlighted in the SolarWinds attack)
- Establishing a cross-agency Cyber Safety Review Board, composed of the Department of Defense, DOJ, NSA, CISA and the FBI, to develop recommendations for further federal government cybersecurity actions
- Standardizing the playbooks government agencies use to respond to cybersecurity incidents, and improving the detection of incidents on federal government networks
The impact on regulated industries
The order directly affects those doing business with the federal government. However, it should also raise awareness of cybersecurity threats among private sector firms engaged in critical infrastructure industries, including banking, healthcare and energy.
Every industry has its own cybersecurity guidance and obligations for breach notification and incident management. But raising the bar by bolstering federal standards will likely trickle down into regulatory notices from the SEC, FINRA, FERC, NERC and HHS. It should also help to elevate the work led by CISA to drive greater collaboration between government, industry and technology providers to:
- Share critical threat information
- Enhance government awareness of the latest cybersecurity technology advances
- Improve the overall security and resilience of the country’s critical infrastructure
For market participants, it is also a strong reminder to entrust your most sensitive information only to those cloud services providers that treat information security and protection as a core capability. These organizations have the expertise, demonstrated adherence to industry standards (supported by third-party attestations), and proven practices that can be verified.
Source & author: Robert Cruz, Vice President, Information Governance at Smarsh.
Robert is Vice President, Information Governance for Smarsh. He has more than 20 years of experience in providing thought leadership on emerging topics including cloud computing, information governance, and discovery cost and risk reduction.