Unpacking the US Cyber Strategy and Leadership

President Biden’s latest executive order for the country’s cybersecurity and the protection of federal government networks is a much-needed step to bring the US on par with peer countries. 

The order takes into consideration how significant the private sector’s cooperation for heightened security is, the importance of diverse, collaborative talent, and establishes various new federal roles, boards, and procedures that all – federal or not – will need to adhere to. 

US cyber strategy scope and methodology

The executive order is separated into distinct sections setting out the scope and areas of focus and intent. 

Section 1. Policy

In a bold statement, this section emphasizes the attacks encountered and continued risks the US is exposed to. The Policy focuses on the need for the private sector’s cooperation and efforts for the Federal Government’s systems and the “American people’s security and privacy.” 

The Policy also highlights the need for complete cybersecurity in all its guises:

  • Implementing better proactive strategies, including identifying, deterring, protecting against and responding to malicious attackers.
  • Ensuring that no system is compromised, whether cloud, on-premise, hybrid, a system to process data or the machinery to ensure safety.

All corners and minutiae are to be brought forward and included. 

Section 2. Removing barriers to sharing threat information

Due to contractual obligations and data privacy, IT services working with the Federal Government have historically been reluctant or unable to share information around potential breaches and security threats they’ve experienced. Removing this barrier will enable more knowledge to be shared and for cybersecurity, on the whole, to be more effective. 

Section 3. Modernizing federal government cybersecurity

While not new to the private sector, this section addresses the need for modernizing security best practices. It will look to employ more secure cloud services, “zero-trust architecture,” and multi-factor authentication and encryption implementation as standard within government infrastructure. 

Section 4. Enhancing software supply chain security

Clearly, this section responds to the serious SolarWinds attack earlier in the year and to the numerous other supply chain attacks that large corporations and government agencies have also experienced lately.

The goal is that by establishing baseline security standards for government suppliers and creating an “energy star” pilot program that’ll clearly indicate a software’s security policy, that the market will be driven to heighten its basic security standards. Starting within the federal government, the aim is to eventually mirror this high standard within the private sector. 

Section 5. Establishing a cyber safety review board

The Cyber Safety Review Board will be made up of both government and private sector members, with the sole aim to adequately review, analyze and make recommendations post-breach or attack. 

Section 6. Creating a standard playbook for cyber incidents

The playbook will have standardized procedures and definitions for government agencies and departments to use. As a result, uniform and vetted steps will be taken to identify and mitigate threats, as knowledge within departments regarding cyber incidents varies too widely, resulting in diverse and often inadequate responses.

Section 7. Improving cybersecurity vulnerability detection

A section that isn’t new for the private sector focuses on the proactive detection of vulnerabilities. It emphasizes the use of government-wide endpoint detection and greater interdepartmental information sharing.

Section 8. Improving investigation and remediation

In a nutshell, this section refers to better logging practices to enable more efficient and productive post-attack investigation. 

The roles and responsibilities for the 2021 US cyber strategy

What will the National Cybersecurity Director do?

The Government Accountability Office (GAO) identified 23 different federal agencies with roles and responsibilities in cybersecurity. The latest executive order has created the National Cybersecurity Director (NCD) position to coordinate its efforts for the 2021 cyber strategy. 

Chris Inglis has been appointed as NCD, with his responsibilities outlined as: 

  • Senior advisor to the president 
  • Advisor to the White House and US government agencies, including the National Security Council (NSC), Homeland Security and other federal agencies and departments
  • Leads cyber policy and strategy implementation: overseeing performance and budgets and recommending changes 
  • Develops plans, processes and a playbook for cyberattacks 
  • Leads coordinated incident responses 
  • Engages with the private sector and international partners on emerging technology 
  • Annually reports to Congress on cybersecurity issues 
  • Issues rules and regulations as necessary to fulfil function and duties – this is a rare authority in the White House offices 
  • Represents the president where required and on the president’s direction 

Other departments critical to the US Cyber Strategy

During the 2016 Obama administration, various government departments were appointed roles towards the country’s cybersecurity efforts as part of the United States Cyber Incident Coordination. These will feed into the 2021 US Cyber strategy, with the NCD overseeing them all. 

Department of Homeland Security (DHS)

The Cybersecurity and Infrastructure Security Agency (CISA) was created as the primary component with the DHS to manage cybersecurity. CISA’s primary focus is on the nation’s critical infrastructure, including the power grid, water systems, and hospitals. However, in light of federal cyberattacks, CISA’s multi-billion-dollar EINSTEIN security system has been criticized for not detecting intrusion early enough to prevent serious breaches. It remains a bone of contention. 

Office of Management and Budget (OMB)

The OMB approves and enforces the security requirements on federal agencies and oversees the interagency cooperation between the DHS and civilian agencies regarding cybersecurity. It also promotes initiatives and develops guidance to strengthen federal programs. 

Department of Justice (DoJ)

The DoJ holds cybercriminals accountable for their malicious actions and brings charges against hackers associated with nation-states. Recent indictments have been against Russian intelligence offices and North Korean hackers involved in multiple serious cyberattacks, which saw targets in the 2018 Winter Olympics and the theft of millions of dollars of cryptocurrency, amongst other events. 

Department of Commerce (DoC)

The DoC is responsible for ensuring that the US is competitive in cybersecurity, with the National Institute of Standards and Technology at the center. NIST develops cybersecurity standards, best practices, and technology to protect both federal government and private sector networks. 

What happens next?

While we are only at the start of overdue fundamental change, it’s a big step in the right direction for the US. Since the executive order was signed and announced, the White House has urged private businesses to step up their cybersecurity to become a collective and whole effort, but what should this be? 

A few sections and initiatives within the executive order for the federal government’s modernization are already known to the private sector. However, if your business hasn’t yet implemented critical cybersecurity measures, such as endpoint detection, multi-factor authentication, and a cyber incident response plan, these must be implemented immediately.

To reiterate a significant point coming from the federal government, no one can do this alone. It is affecting everyone. Therefore, a collective and collaborative effort is necessary for the best chance against increasingly advanced malware strategies used by hackers. 

NIST and other government and industry bodies have yet to assess, scrutinize, and refine the plan; however, President Joe Biden’s statement, making cybersecurity a priority, shows the urgency of this issue and demonstrates Biden’s commitment to it. 

Carol Watson

Carol, Director Sales & Operations, brings over 30 years of security and technology experience across multiple industries to the Enhalo cyber hub.

Supply Chain Threat Detection

Cyber criminals have upped their game, so should you. We never underestimate or ignore your supply chain's security threats.

Security Operations Center

Financial losses, intellectual property theft, and reputational damage due to security breaches can be prevented.

SOC Assurance Service

Despite a mature Security Operations Center, you're still under threat. Our SOC Assurance mitigates the risk of unnoticed breaches.

Emergency Cyber Response

Regain immediate control, contain the damage, and eradicate the threat. Your bullet-proof, SOS rapid response.

Agentless Network Segmentation

Rely less on vulnerability management and rest assured that the threat won’t spread across your network.

Cyber Risk Assessment

Understand how vulnerable you are. We identify your threat sources and calculate your risks – likelihood and impact.

Endpoint Detection and Response

This solution is for customers that do not have extensive security budgets or staffing to implement and monitor an endpoint security solution.

Irregular Behavior Detection

Companies focus heavily on malicious outsider mitigation, while the biggest threat lies with those who already have access.

Penetration Testing Services

A penetration test is arguably the most important part of any cybersecurity journey, it tests an organization’s ‘final line of defense’ against attackers.

Security Awareness Training & Testing

With cybersecurity awareness training, the risk of human error can be reduced, turning human error into a human firewall.

Insights

360 Security
Must Know Cyber
Security Services

Resources

WEBINARS
MEDIA
SON OF A BREACH
CASE STUDIES
USE CASES

Cyber Security Services

Supply Chain Thread Detection
Security Operations Center
SOC Assurance Service
Emergency Cyber Response
Agentless Network Segmentation
Cyber Risk Assessment

Supporting Cyber Security Services

Endpoint Detection and Response
Irregular Behavior Detection
Penetration Testing
Security Awareness Training and Testing

Related Posts

Cyberattack Emergency

Are you experiencing an active cyberattack?

Get rapid response.

Call ENHALO’s International SOS no:
For Other Inquiries: