Last summer, President Biden signed a national security memorandum that takes an important step in protecting America’s critical infrastructure from cyber threats. The memorandum sets out a number of initiatives and goals that promote a more unified approach to the nation’s cybersecurity. Federal departments and offices will be modernizing their networks, updating practices and procedures for government-wide incident response, and setting out new requirements for software and hardware supply chains. Obstacles to sharing information on threats will also be lowered to allow for greater synergy between government agencies as well as between the public and private spheres.
This new effort by the Biden administration recognizes the importance of incorporating American industrial and business interests. Although there is a great deal that the federal government will be taking action on, most of our nation’s infrastructure is privately operated. Consequently, contractors, suppliers, and other private entities will be given the opportunity to advise on some of these initiatives. The order recognizes the degree to which government networks depend upon external suppliers and how the current contracting framework leaves open many potential vulnerabilities that often go unaddressed.
Renewed action on cybersecurity has been necessary for a while, but this memorandum follows a steady stream of ransomware attacks against citizens and infrastructure. In July, Kaseya, a software provider, was hit by a ransomware attack that breached thousands of American systems and even spread to a number of European networks. In May, the Colonial Pipeline was hacked by a group with suspected ties to Russian organized crime. This led to enormous disruptions that caused fuel shortages across large parts of the country. Our economy’s lifeblood was held hostage until Colonial Pipeline paid the $5 million demanded by the cybercriminals. America’s susceptibility to cybercrime has been made clear to all, and legislators should recognize that this sends a particularly inviting message to our strategic rivals. The need for this new action by the government cannot be sufficiently stressed.
However, it is important to recognize that presidential memoranda do not have the power of legislation, so adoption of the new cybersecurity standards will be voluntary for those in the private sector. Nonetheless, the requirements that federal agencies are setting for contractors will influence the cybersecurity industry as a whole and will eventually seep into wider society. While such cultural shifts can take time and do not guarantee uniformity, this measure will still have a desirable effect and increase the likelihood of cybersecurity legislation in the future. SOAA has long advocated for greater scrutiny regarding the nation’s cybersecurity, and we applaud the Biden administration for this memorandum. But it can’t stop here: we need to protect domestic infrastructure and update outdated legislation to give the Department of Defense the ability to engage in a modernized digital world as cyber warfare becomes the way of the future.
Author: Jaclyn Scott
Jaclyn “Jax” is a tenured Special Operations Warrant Officer, with over 17 years of experience. She is an expert in military cyber policy and has led global development operations in cyber countermeasures to mitigate near-peer attacks. She is a tech blogger, podcaster, entrepreneur, and senior analyst in Global Intelligence. She is committed to her growth as a leader and is currently co-authoring a cybersecurity book and finishing her Master’s in Cybersecurity Risk Management at Georgetown University.