Joe Biden’s executive order on cybersecurity should be seen as a template for all companies to follow.
The SolarWinds and Colonial Pipeline cybersecurity breaches demonstrated to President Biden that cybercrime is an issue of national security. His response shows the way forward not just for governments but the entire private sector. Biden’s executive order came about after a series of cyber attacks which threatened US infrastructure. The ransomware attack against the operators of the Colonial pipeline threatened energy supplies to millions of people. Meanwhile, the breach of tech firm SolarWinds affected not just them, but many of their clients, including Microsoft and the US Government.
Biden’s response has been swift – an executive order to improve cybersecurity across all government agencies and any third parties looking to do business with them.
Among other things it includes:
Modernising federal cybersecurity
Removing barriers to the sharing of threat information
Enhancing software supply chain security
Standardising the Federal Government’s playbook for responding to incidents
Improving detection of cyber security vulnerabilities
Improving Federal Government investigative and remediation capabilities
Although this only applies to government organisations and those it works with, it is also a statement of intent. The administration aims to lead by example, raising the bar on cyber security governance across the board. Biden’s aim is to create a more cohesive and secure cybersecurity infrastructure which addresses all key points, from security to threat detection, response, mitigation and resilience.
It is a model to which all firms should aspire.
These events have shown that, in a connected world, an attack against one company can be an attack against the entire country. This is especially true if, as in the case of SolarWinds, it’s a technology firm with multiple private and public clients. It is not enough, therefore, for single companies to manage their own cybersecurity measures; they must also do due diligence on others. The US Government’s experience with SolarWinds showed that it is not enough for its own systems to be secure; everyone else’s will have to be too. All businesses, whether they work with the US Government or not, should be looking carefully at this proposal.
Firstly, it’s common sense.
Building a stronger and more coordinated cyber security strategy which includes extensive due diligence on third parties reduces exposure to attack. Equally importantly, this demonstrates the direction of travel. Cybercrime has gone from a nuisance to a national security issue. Attacks against healthcare, schools and energy supply demonstrate the chaos they can create.
Standards must rise. Businesses should be ready for further cybersecurity regulations. Whether it’s the introduction of a new cybersecurity certification network in the EU, China’s increasingly tough stance on cybersecurity or the UK’s new IoT cyber security laws, more regulation is coming. Merely reacting to these changes will leave many firms struggling to keep up. Not only will it leave them open to regulatory action, but it will make it more difficult to work with government agencies which, for many, will place them at a distinct competitive disadvantage.
Firms must continually review their cybersecurity practices to ensure they are maintaining the best standards. Not only will this protect against the latest threats, but it will also ensure they stay one step ahead of the regulations.