In a wide-ranging Executive Order signed by President Biden on May 12th, the US government put into place a set of activities designed to address the continuing cybersecurity attacks on U.S. technology infrastructure. The use of an Executive Order underlines the urgency now attached to the issues, and has been received by media and expert commentators as “ambitious”, “a game changer” and “make or break”.
Crucially, the text immediately acknowledges that the pace of investment and modernisation required to improve the nation’s cybersecurity needs to change. As well as accelerating the government’s efforts to defeat and mitigate cyberattacks, the Order gives partnership with the private sector an important role. In setting out a host of deadlines to enact policy, its tone is decisive: “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments.”
Among the various objectives and initiatives introduced in the EO, there are a number that will determine the way changes are made and the impact they will make. For instance, the Administration aims to remove barriers to sharing threat information, in particular focusing on updating and optimising the contract terms that exist between Federal Agencies and private technology businesses to improve information sharing and collaboration.
Modernisation, a huge topic, will cover a host of issues, with priorities including cloud resource adoption, the development and implementation of Zero Trust architecture, multi-factor authentication and encryption. The EO also aims to enhance software supply chain security, an issue particularly associated with the SolarWinds attack, with the security of commercial software coming in for some criticism: “The development of commercial software often lacks transparency, sufficient focus on the ability of the software to resist attack, and adequate controls to prevent tampering by malicious actors. There is a pressing need to implement more rigorous and predictable mechanisms for ensuring that products function securely, and as intended.”
Clearly the Biden Administration sees huge scope for holistic improvement. From establishing a cyber safety review board to assess incidents to standardizing the Federal Government’s playbook for responding to cybersecurity vulnerabilities and breaches, the focus of the EO returns to the key issues of detection, investigation and remediation time and again.
Looking ahead, the practical steps taken to bring these commitments to life must also focus on the ability of Federal Agencies to deliver proactive cybersecurity protection. Of particular concern for anyone working in the public sector should be the protection of files and documents, which are created in their millions and shared between organizations, their teams, and across both the public and private sectors.
While most organizations understand the need to fend off malware and ransomware, the vast majority rely on a reactive response based around well-established antivirus and sandboxing technologies to protect their valuable files and everything they contain.
This is effective – but only up to a point. The problem is that nearly 70% of malware found embedded within files is of an unknown variant when it is received, effectively making it invisible to these reactive cybersecurity technologies. That represents a major gap in protection and a potentially catastrophic security blind spot.
But there is a better way. Traditional antivirus and sandboxing security products detect file-based risks by scanning for malicious content before quarantining files – they seek out ‘bad’ elements or code to provide protection, with the inevitable gaps in security that creates.
Instead, Content Disarm and Reconstruction (CDR) delivers proactive cybersecurity protection that doesn’t wait for detection. Glasswall’s CDR platform instantly cleans and rebuilds files and documents to match their ‘known good’ manufacturer’s standard, removing potential threats.