Answering the nation's call on cybersecurity together

In early May, the Biden Administration signed an Executive Order (EO) on Improving the Nation’s Cybersecurity to combat one of the greatest challenges facing the federal government and the American people. By improving our nation’s cybersecurity posture, the government enables better security and privacy for its constituents, protection of federal workers, data and networks, and ultimately safeguards our way of life. Federal CIOs and CISOs can save significant time and cost by simply activating and optimizing the tools often already in place, enabling them to navigate modernization milestones with ease.

Each section in the EO focuses on a distinct area of improvement that often requires close collaboration between industry and government. In this article, we dive into the EO sections to look at not only the strategies, but the specific technical capabilities agencies should consider when developing their cybersecurity plans.

EO Section 2: Removing Barriers to Sharing Threat Information

When contracting with providers, agencies are bound by federal requirements that make it difficult to share information about threats at the pace required. To avoid these friction points, agencies should update their contracts to allow for increased sharing of threats and incidents. Additionally, agencies should improve investigation and prompt reporting of incidents by creating a connected threat intel sharing system. By streamlining and standardizing cybersecurity requirements to allow for sharing, threat information can be escalated quickly and easily between the organization and agency, and across contract lines. 

EO Section 3: Modernizing Federal Government Cybersecurity

Modernizing cyberinfrastructure is an essential, immediate step for the federal government; one that must be balanced with the pace of the cyber threat environment and government visibility, all while maintaining privacy and access. Agencies accomplish this through adopting a Zero Trust architecture as well as secure cloud services. Modernizing FedRAMP is also critical for agencies to have confidence in the solutions being approved and deployed across their networks by industry partners. 

Agency modernization starts with migration to the cloud on a secure baseline and then adds on enforced encryption of agency data, both at rest and in transit. To access federal systems and data, agencies should also deploy centralized adaptive access identity controls and network micro-segmentation, and ensure device inventory and data classification standards are applied.

EO Section 4: Enhancing Software Supply Chain Security

A secure IT infrastructure to enhance national cybersecurity starts with a secure software supply chain. To accomplish this, administratively separate environments and auditing of critical software configuration becomes key, as does vulnerability management and disclosure after an issue arises. Similarly, auditing trust relationships, reducing dependencies, and developing a software bill of materials are all proactive steps to improve supply chain security. 

EO Section 5: Establishing a Cyber Safety Review Board

Every cybersecurity incident is an opportunity for public and private entities to come together and collaborate in order to strengthen future responses. With the creation of the Cyber Safety Review Board, the federal government can analyze cybersecurity incidents and make recommendations for improving cybersecurity. To be successful, this Cyber Safety Review Board should focus on threat trend analysis, response evaluation, vulnerability and mitigation prioritization, and process improvement in agency response.

EO Section 6: Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents

The best defense against cybersecurity challenges of the future is a unified offense of standardized response processes. At the macro level, this means comprehensive visibility into the federal playbook for responding to cybersecurity threats, vulnerabilities, and incidents. At the tactical level, it means a standard operating playbook for analysts, SOAR sharing and standardization across agencies, and test-driven security via simulation for training, reskilling, and adapting. 

EO Section 7: Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks

Coordinated detection and proactive threat hunting efforts improve our security force’s ability to mitigate and contain cyber threats. Early and proactive detection of vulnerabilities and incidents on networks, both inter- and intra-agency, as well as government-wide EDR initiatives improve the security of federal networks. Increased DHS and DoD coordination also helps to connect the civilian and defense cybersecurity missions. 

These connected capabilities must focus on threat containment and remediation, as well as combined manual and automated incident responses for more effective detection. Host-level visibility, attribution, and response, as well as object-level data available to the CISA will improve response down to the individual, endpoint, or data levels.

EO Section 8: Improving the Federal Government’s Investigative and Remediation Capabilities

Analysis after events occur allows for diagnoses of vulnerabilities and pattern identification across the federal government. Agencies must shift to collecting and managing the log data for investigation, remediation, and reporting through on-premises or third-party-hosted networks or systems. These new processes should be governed by adaptive retention policies and data protection practices that bring in integrity verification.

To implement the strategies and capabilities mapped to the Cyber EO sections above, Microsoft has developed a wealth of resources for federal agency cyber leaders; including cybersecurity frameworks and assets, as well as Zero Trust architectures and deployment center. Learn more at Microsoft’s Cyber EO Resources Page.