How Does The New Executive Order Effect Tomorrow’s CyberSecurity?

May 15, 2017 by in Blog

An important first step in improving the nation’s cybersecurity was taken by the President last week.  On Thursday, President Donald Trump signed an executive order on strengthening the cybersecurity of federal networks and critical infrastructure.

The most important highlight of this executive order is that the President will hold heads of executive departments and agencies accountable for managing cybersecurity risk to their enterprises.

The timing of the cybersecurity executive order could not have been better. The day after the order was signed, the biggest ransomware Wanna Cry cyber-attack shook the whole world. More than 150 countries were affected. Recent cyber-related events only confirmed that strengthening our cybersecurity is absolutely necessary.

Even though the signing of the executive order was a big step, it does not fix all the problems immediately. There is still a lot of work to be done after this initial first push.

The executive order calls for federal agencies to seek opportunities to have a co-existing cyber technology and not keep them separately in a vacuum. Combing onsite and cloud-based IT systems government agencies increase their threat landscape and open more doors and windows for an outside malicious attack. Due to the division of power, expertise, responsibilities and resources, government entities prefer to operate their own IT environment as individual silos.

Cybersecurity is only as strong as its weakest link, so what are the steps to make sure that these weakest links diminish and disappear in the near future?

It is important to recognize that private sector, especially start-ups, are the most innovative in cybersecurity. The government through its procurement procedures will more likely look at large and well-established vendors rather than explore new technologies in start-up space. This has to change! In cyber protection, you cannot use yesterday’s solutions to defend tomorrow’s problems. That is why the government should increase its cooperation and support to cybersecurity start-ups. The government needs to take a closer look at these small companies more often because they might have a solution to major challenges due to their agile and fast-paced development. Hackers work at a very fast pace, bigger companies have too many channels to catch them in time and this is where smaller companies are more useful.

It is needless to say that buying cyber technology from foreign sources is a pretty risky business. The concern is valid. We know Russia and other state actors are engaging in nefarious activities. There are valid concerns that Russia collaborates with private Russian firms.

The cybersecurity infrastructure of the United States is too vulnerable to cyber attacks. The systems that we, as a country, are using are functional but not secured and this creates serious challenges. President Trump’s executive order addresses this concern by requesting all executive branches to submit a risk management report. In these report, there has to be a description of what are security measures and significant risks towards their agencies. Also, this will determine if some agencies can realistically adopt consolidated network architectures.

Let’s hope meaningful progress is made after these 90 days and that these reports will help to recognize what data needs to be protected. Fixing these problems will take a lot of time and efforts, so it is better to start sooner than later.  

One of the ways to improve cybersecurity is automated the most repetitive tasks and focus on incident response. The best in this business is security orchestration automation response (SOAR) platform, CyberSponse.

CyberSponse Inc., a global leader in cybersecurity automation and orchestration, helps accelerate an organization’s processes, security operations teams and incident responders. The CyberSponse platform enables organizations to seamlessly integrate, automate and playbook their security tool stack, enabling better, faster and more effective security operations. With a global presence, offering an enterprise platform, CyberSponse enables organizations to secure their security operations teams and environments. For more information, visit www.CyberSponse.com.

For more on Incident Response and how to use playbooks in your organization please check out our other website: IncidentResponse.com.

    IRC

    The First and Only Incident Response Community laser-focused on Incident Response, Security Operations and Remediation Processes concentrating on Best Practices, Playbooks, Runbooks and Product Connectors. In building the Community, the IRC is aimed to provide, design, share and contribute to the development of open source playbooks, runbooks and response plans for the industry community to use. These playbooks or recipes can be in the form of flowcharts, diagrams, sequences, scripts, orchestration platform playbooks and product integration connectors.

    Subscribe to receive updates from the

    Incident Response Consortium