Alert

Significant Executive Order to Improve Nation’s Response to Cybersecurity Threat Issued

calendar iconMay 14, 2021

President Biden signed an Executive Order (“EO”) on May 12th aimed at improving and preparing for cybersecurity defenses for public and private sector companies. Many experts agree that cybersecurity threats pose one of our nation’s greatest risks. The recent Colonial Pipeline incident highlights that concern and the major impacts of such attacks. The EO is aimed at improving protective measures to federal networks, information-sharing between the U.S. government and the private sector on cyber issues and the collective ability to respond when incidents occur. While the EO primarily addresses impacts and initiatives aimed at federal agencies and organizations that interact and do business with the federal government, much of our domestic critical infrastructure is owned and operated by the private sector. The EO encourages private sector companies to also take ambitious measures to confront these increasing risks.

Prior to this EO, Federal government agencies were implementing various programs and initiatives to address the growing threat. The Cybersecurity Maturity Model Certification (“CMMC”) initiated by the Department of Defense (“DoD”) is a unified cybersecurity standard aimed at securing the Defense Industrial Base (“DIB”) which includes over 300,000 companies in the supply chain. The CMMC is the DoD’s response to significant compromises of sensitive defense information located on contractors’ information systems. It requires DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (“FCI”) and Controlled Unclassified Information (“CUI”) within their unclassified networks and accounting for information flow down to subcontractors in a multi-tier supply chain.  Other agencies have issued notifications of the intent to implement similar requirements in contracts.

The EO addresses initiatives and directives in many areas which were summarized in a White House Fact Sheet including:

  • Remove Barriers to Threat Information Sharing Between Government and the Private Sector
  • Modernize and Implement Stronger Cybersecurity Standards in the Federal Government
  • Improve Software Supply Chain Security
  • Establish a Cybersecurity Safety Review Board
  • Create a Standard Playbook for Responding to Cyber Incidents
  • Improve Detection of Cybersecurity Incidents on Federal Government Networks
  • Improve Investigative and Remediation Capabilities

Over the coming days, Cherry Bekaert will unpack details of the EO, how it will interact with CMMC and what every type of organization, whether a federal agency, federal supplier or commercial company concerned with protecting all of its data should consider and steps to continue to focus and address cybersecurity threats.

The cybersecurity landscape is constantly evolving. Hackers are increasingly professional and adept—striving to develop at a faster pace than cybersecurity experts. They leverage top-end hardware and software to compromise data and financial security at companies both large and small. In addition, these threat actors are consistently targeting one of the largest vulnerabilities present in every organization – people.

Never has the protection of data been more important, and the threats against it more present as the Colonial Pipeline incident highlighted. Cyber breaches not only affect an organization’s bottom line but can negatively impact its reputation and brand.

Cherry Bekaert’s Information Assurance & Cybersecurity practice is comprised of professionals that are well-versed in information security, cyber risks and mitigation strategies. We help strengthen your organization with a comprehensive program of security technology, services and insurance, and customize your solution based on your specific needs and risks, as well as your line of business, industry and budget.

Related Guidance