NEW US LAW ENACTED TO PROTECT INFRASTRUCTURE FROM CYBER ATTACKS
President Biden has signed an executive order intending to protect American infrastructure from cyber attacks. The order was signed the day after the White House warned that cyber-attacks could “lead to a real shooting war”.
Efforts to put greater emphasis on cyber security aren’t new but the importance of the issue was clearly driven home by the attack against Colonial Pipeline, which provides the East Coast with as much as 45 percent of its gasoline, and jet fuel.
The order is mostly about voluntary measures asking the companies to meet security standards. This includes matters such as data encryption and two-factor authentication for anyone using a system. The administration has called the security measures that are in place now “woefully insufficient” and decided to set a series of “performance goals” that will assess how each company is prepared for fighting off cyber security threats.
FOCUSING ON THE CLOUD-BASED TECHNOLOGY
Cloud technology is an especially important part of the new imitative. The goal will be to set up a national cloud security strategy that all governmental agencies will adhere to. The main difference in approach is that until now the government was focusing on intrusion to the network coming from the outside while rallying on the assumption that everyone within the network is trustworthy. This will no longer be the case, and efforts are put in place to protect the data when it’s being moved as well as when it’s stagnant.
A SET OF TIMELINES
Time is of the essence in regards to data security and this executive order shows that the government is aware of it. This isn’t surprising since there are reports of potential or actual cyberattacks coming in daily. Each of the initiatives set up in the order comes with a timeline ranging from 60 to 180 days within which the companies involved need to comply with the new rules.
The goal is for the government to increase reporting abilities for everyone involved and especially for companies that work with federal agencies. The order and the timelines that it creates are intended to show how important it is to raise everyone’s game on the issues of security.
COMPLIANCE IS KEY
At this point, every federal agency has its own set of rules when it comes to cybersecurity. This means that every company that has a contract with the government agency needs to adhere to their rules and therefore every government contract is different.
The goal for the Biden administration is to set up a standardized system of compliance, and therefore make sure that each contract demands the same level of security from those signing it.
The Federal Risk and Management Program (FedRAMP) is the government cyber security program that is tasked with providing this standardized approach. It will automate the process and thus create a standard when it comes to cyber security issues.
WHAT DOES IT ALL MEAN FOR GOVERNMENT CONTRACTORS?
At first glance, it may seem that new regulations can be an issue for those working with the government or that are trying to get in on this lucrative market. However, a clear set of guidelines is actually welcomed by most companies that are working in this field. It provides a level playing field and gives clear instructions as to what’s expected of them.
It’s also an indicator of what the government will focus on when it comes to cyber security and that also indicates where the innovation is heading and what to invest in when it comes to security technologies.
A LACK OF AUTHORITY
A major problem for the federal government looking to regulate cybersecurity issues is that it has little authority to do so. Key elements of American infrastructure are run by private companies and the federal government (or state governments for that matter) can’t dictate the security measures that these companies are using.That was the case with the Colonial pipeline, which was brought down by hackers, almost by accident, since their attack was going for the company’s business system. JBS, which was also a target of a ransomware attack is one of the world’s largest beef producers, and attacking it can bring about a food shortage for the whole country even though it’s a private entity that’s being attacked.
The Biden administration is therefore imposing rules for the companies that work with the government hoping that it will set a standard for the industry as a whole and make the companies adjust their security systems accordingly.
WHO MAKES THE RULES?
Until now, the companies had their own informal networks of cyber security experts that have guided their decisions about what constitutes secure practices. The executive order tries to place the initiative on the government and the efforts to set up better cyber security guidelines are run by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Commerce Department’s unit that sets industry standards.
This is an important distinction since the efforts will be uniform and there’s more room for public oversight of the process.
A MATTER OF NATIONAL SECURITY
Cybersecurity issues that face infrastructure companies aren’t about industry standards or an internal matter for those who work for these companies. They are a matter of national security. That’s evident by the pattern in who’s responsible for the attacks but when it comes to the impact that these attacks are having on the public in general.
This executive order, as well as other measures taken by the government, show that the approach towards cyber security issues will change and that it will become a part of the governmental duties in regard to public safety.
TO SUM UP
The Biden administration is setting new standards for the companies working with the government when it comes to cybersecurity. This comes after attacks on energy infrastructure that could have had serious consequences.
The goal of the new executive order is to set clear standards for the companies getting the government contracts and to use that as a way to drive the whole infrastructure industry into better security practices.
Looking for a handy resource to protect your business from cyber security issues and attacks? We’ve got you covered.
Download ATS’s exclusive Cyber Security Fundamentals: Weakness Checklist.
