4 key takeaways from Biden’s Executive Order on cybersecurity

From the Colonial Pipeline ransomware attack, to more recently Solar Winds, cyber threats and attacks are on the rise. That’s why at the end of June, the Biden Administration released an Executive Order outlining key strategies to improve the nation’s response, particularly when it comes to securing critical infrastructure. 

Not only do these strategies align closely with IronNet’s mission and philosophy, they also ensure that companies and organizations can work alongside government sectors and private organizations to achieve a stronger cybersecurity posture. 

Here are our 4 major takeaways from the Executive Order (view as PDF): 

1. Bridge the gap between the public and private sectors

“Protecting our Nation from malicious cyber actors requires the federal government to partner with the private sector.” (Sec. 1) 

When it comes to cybersecurity, most organizations (both public and private), are working within a vacuum. But to secure the United State’s critical industries such as energy, healthcare, water/wastewater, and manufacturing, it is essential to share anomalies, cyber threats, risk insights, and response advice related to the security of both informational technology (IT) and operational technology (OT) networks. Gaining clear threat visibility across both IT and OT makes it easier to identify and respond to cyber actors quickly. 

Ensuring safety and resilience, however, is a complicated endeavor: IT must protect the network, data, and cloud environments without hindering productivity, while OT focuses on securing an organization’s people, processes, and physical environments with an eye on public safety.

To build a holistic approach to cybersecurity across business and operational networks within the energy sector, IronNet has partnered with Dragos to advance a Collective Defense approach to strengthen the cybersecurity of critical infrastructures. 

2. Share cyber attacks and threat information across communities

“[I]ncreasing the sharing of information about ... threats, incidents, and risks [is] necessary ... to accelerating incident deterrence, prevention, and response efforts and to enabling more effective defense of agencies’ systems and of information collected, processed, and maintained by or for the Federal Government.” (Sec. 2) 

The Executive Order emphasizes that the United States must adopt a unified defense against cyber attacks. Public agencies, their service providers, and private companies need to stop fighting cyber attacks in silos; instead, actively sharing timely and pertinent information allows for much earlier detection and response against the adversaries.

IronNet’s Collective Defense platform provides a cyber radar picture — not just of a single government agency or company but of its entire ecosystem: its supply chain, its customers, and its partners, effectively allowing agencies to collaborate on cybersecurity and incident response activities. With Collective Defense, both public and private organizations can build an IronDome community to accelerate information-sharing capabilities to operationalize a collaborative model for cyber threat intelligence:

  • Data about observed cyber anomalies is collected and shared anonymously among participating members within the IronDome community to create a rich and real-time data repository of cyber behaviors.
  • This building of a threat picture based on correlated, anonymized detections across the community provides a contextual foundation of information from which members can collaborate and more quickly and proactively defend.
  • IronDome enables the sharing of relevant cyber event data with Federal and other government agencies to aid in investigation and enforcement.

3. Implement a Zero Trust architecture to manage and secure the cloud 

Within 60 days of the EO, federal agencies are required to enact solutions that follow the principles of Zero Trust Architecture, as put forth by NIST, in their cloud environments. 

“As agencies continue to use cloud technology, they shall do so in a coordinated, deliberate way that allows the Federal Government to prevent, detect, assess, and remediate cyber incidents. To facilitate this approach, the migration to cloud technology shall adopt Zero Trust Architecture.” (Sec. 3)

IronNet aids organizations’ ability to directly address and implement Zero Trust across enterprise networks (both on-premise and cloud) to quickly identify suspicious or malicious activity. IronNet’s network detection and response solution, IronDefense, paired with IronDome’s threat intelligence sharing, fosters Collective Defense through comprehensive security monitoring and, specifically, the recommendation to provide continuous analysis of behavioral attributes and anomaly detection.

With integrations with leading Cloud Service Providers (CSPs), like AWS and Microsoft Azure, and private cloud solutions, IronNet eliminates network blind spots and enables cloud-native threat detection and Collective Defense, increasing visibility and reducing dwell time of threat actors. IronNet’s approach to securing data and assets “in the cloud” builds on the foundational CSP security capabilities to fully visualize and monitor on-prem, cloud, or multi-cloud environments for network anomalies.

4. Secure and protect the supply chain 

A major takeaway from the EO was to fortify and eliminate entry points into our networks via vulnerabilities in our critical supply chain.  

“... the Federal Government must take action to rapidly improve the security and integrity of the software supply chain, with a priority on addressing critical software.” (Sec. 4) 

Supply chains are a web of weak spots that adversaries can take advantage of to gain a foothold into critical networks and establish “credible” long-term espionage. IronDefense’s behavioral analytics can detect anomalies that evade traditional tools. Coupled with the shared knowledge of Collective Defense, IronNet creates a radar-like view or early warning system of attacks that may be entering through the supply chain. 

See how IronNet was able to detect the behaviors associated with the SolarWinds/SUNBURST attack, in which hackers embedded malicious code in a software platform that affected 18,000 organizations and nine Federal government agencies.

The Biden Administration’s stance to protect the Nation’s against cyber threats is a positive step in the right direction, but there is still more to do. From ransomware, malware, and advanced phishing schemes, cyber crimes are going to continue to grow. Only with a united front can we begin to dismantle and prevent cyber attacks. 

Learn more about IronNet Collective Defense.

IronNet-Resource-Downloadable Cover-Collective Defense@2x

 

About Ironnet
Founded in 2014 by GEN (Ret.) Keith Alexander, IronNet Cybersecurity is a global cybersecurity leader that is revolutionizing how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing an extraordinarily high percentage of former NSA cybersecurity operators with offensive and defensive cyber experience, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing the world today. Follow IronNet on Twitter and LinkedIn.