White House Cybersecurity Initiatives and Increased Spending
Never before have we seen such a perfect cocktail of cybersecurity risks and companies that have glaring holes in their cybersecurity armor since the pandemic began in early 2020. In addition, the global ransomware threat has never been higher, and businesses are struggling to get their feet under themselves since scrambling to enable remote employees to have access to internal resources in response to lockdown mandates.
The tremendous shift to a highly distributed workforce has created a whole new set of cybersecurity risks and concerns for organizations worldwide. Hackers have shown in recent months, major infrastructure and service providers are in their sights. For example, with the ransomware attack on the Colonial Pipeline, critical infrastructure was affected. This attack, in particular, has since gained the attention of top government officials, including the White House.
The President of the United States has issued new cybersecurity initiatives. What are these? How does this affect how businesses approach cybersecurity, including migrating to the cloud?
Colonial Pipeline hack overview
To fully understand the new governmental initiatives, let’s look at a brief overview of the Colonial Pipeline ransomware attack leading to the sweeping initiatives from the United States government. On May 7, 2021, Colonial Pipeline suffered a ransomware attack from a criminal hacker group known as “Dark Side.”
The malicious attack disrupted critical systems and infrastructure required for Colonial Pipeline to carry out routine operations. As a result, it shut down 5500 miles of pipeline, effectively eliminating 45% of the fuel to the United States East Coast.
While we have seen high-profile ransomware attacks in the past, the attack on Colonial Pipeline “touched a nerve” that has been untouched prior. Arguably, never has a ransomware attack in the United States affected the general populous, as did the Colonial Pipeline attack. This attack on “critical infrastructure” clearly emphasizes the potential impact on services that may not obviously depend on technology solutions or ransomware-vulnerable targets. The fuel shortages and price gouging that followed the Colonial Pipeline attack help to see otherwise.
White House cybersecurity initiatives and increased spending
The historic attacks on Colonial Pipeline and other high-profile cyberattacks such as the SolarWinds supply-chain attack and Microsoft Exchange vulnerabilities this year prompted a landmark Executive Order from the President of the United States. The Biden administration has made clear “the threat of ransomware is a national security and economic security priority.”
From the official White House statement posted on May 12, 2021:
“Today, President Biden signed an Executive Order to improve the nation’s cybersecurity and protect federal government networks. Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cybercriminals. These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents.”
The Executive order signed into effect by the President contains several key elements
- Remove Barriers to Threat Information Sharing Between Government and the Private Sector
- Modernize and Implement Stronger Cybersecurity Standards in the Federal Government
- Improve Software Supply Chain Security
- Establish a Cybersecurity Safety Review Board
- Create a Standard Playbook for Responding to Cyber Incidents
- Improve Detection of Cybersecurity Incidents on Federal Government Networks
- Improve Investigative and Remediation Capabilities
What does each of these critical elements allow for in the new executive order?
1. It removes barriers to cyber threat information sharing
The executive order from the White House ensures IT Service Providers can share information with the government and obliges the sharing of breach information. In addition, the order helps to remove any contractual and other barriers in sharing information with the federal government. It is necessary to provide more effective defenses of federal government departments and improve cybersecurity across the board.
2. Helps to modernize and implement more robust cybersecurity standards
Many organizations are behind the times when it relates to cybersecurity standards, technologies, and architecture. This part of the executive order provides the initiative to help move the federal government to secure cloud services, zero-trust security architecture, and the implementation of multi-factor authentication and encryption. All too often, compromise of networks and business-critical resources are related to outdated security standards and protocols. For example, in the Colonial Pipeline attack, a legacy VPN account left active without multi-factor authentication was the culprit of the compromise.
3. It improves software supply chain security
There have been many common forms of cyberattack. These include malicious email attachments, websites, and compromised credentials, to name a few. However, a newer and highly alarming form of cyberattack is described by the term “supply chain attack.” What is a supply chain attack
The supply chain attack is a technique where a cybercriminal strategically introduces a malicious piece of hardware or software into a single supplier’s “supply chain.” This single supplier might be a reputable hardware or software vendor that provides products to many customers. A well-placed supply chain attack could render hundreds or thousands of customers compromised by the malicious hardware or software component.
The high-profile attack on Solarwinds is a classic example of how complex and devastating a supply chain attack can be. Solarwind’s Orion product, a widespread network management software, was compromised with a sophisticated supply chain attack. Potentially around 18,000 customers may have been affected by the compromised software release. In addition, the attackers were highly sophisticated in the methods used to deploy the malware, making it difficult to detect.
The executive order signed by the President improves the overall security of software by establishing baseline security standards for software development sold to the government. In addition, it obliges software developers to maintain greater visibility into their software and allow the security data to be readily available via known public means. Finally, much like the “energy star” stamp of approval, it will create a similar designation to identify software developed using the new security standard easily.
4. Establishes a cybersecurity safety review board
As part of the new executive order, a Cybersecurity Safety Review Board is established, co-chaired by government and private sector leadership. The board can convene following a significant cyber incident to analyze events and make recommendations.
5. Creation of a standard playbook for responding to cyber incidents
Creating a standard cybersecurity incident response playbook will ensure that all federal agencies take uniform steps to identify and mitigate cybersecurity threats. In addition, the template for this playbook will be made available to private sector businesses.
6. Improve the detection of cybersecurity incidents on federal government networks
This aspect of the executive order enables a government-wide Endpoint Detection and Response (EDR) deployment that helps protect malicious attacks on endpoints. It is a foundational cybersecurity tool that should be mandatory for solid cybersecurity practices.
7. Enhances investigative and remediation capabilities
The final aspect of the new executive order requires federal departments to implement robust cybersecurity logging infrastructure. Insufficient logging and visibility into activities across the board impede the ability to detect intrusions and mitigate these.
Excellent opportunities for cybersecurity and cybersecurity markets
There is a central theme with the new executive order from the White House, which includes tremendous cooperation between the federal government and the private sector, as outlined in the key components of the order. As a result, it represents an excellent opportunity for improvements in the cybersecurity posture of both the federal government and private sector businesses and economic opportunities for cybersecurity markets.
Building on the Cybersecurity Executive Order signed by the Biden Administration, the American Jobs Plan builds on that work to deliver resilient infrastructure. Cyber modernization and cybersecurity are top themes of this new plan, as shown by the proposed spending on cyber technologies. Note the following:
- $20 billion in energy infrastructure investments for state, local, and governments
- $100 billion broadband investment
- A new tax credit for transmission infrastructure that will help finance cyber technologies for the electric grid
- $2 billion devoted to supporting micro-grids and distributed energy infrastructure
- $1 billion included to expand and improve the technology modernization fund
- $650 million was provided to the Cyber Security and Information Security Agency (CISA) to improve CISAs response capabilities, upgrade its ability to support security projects and other activities.
Cloud technologies are a particular focus of the executive order signed on May 12. It is especially evident when considering the mandate to Modernize and implement stronger cybersecurity standards in the federal government. Specifically, according to the White House’s official wording, it “helps move the Federal government to secure cloud services….”
Google Workspace and Microsoft 365 for Government
Like those in the private sector, government departments are using cloud Software-as-a-Service (SaaS) offerings from the likes of Google Workspace and Microsoft 365. These robust cloud services provide excellent tools for organizations of all varieties to work remotely and have the expected business productivity experience needed for business-critical tasks. In addition, both Google and Microsoft have offerings that cater to the specific needs of government agencies.
Even with the security tools built into cloud SaaS environments such as Google Workspace and Microsoft 365, additional protection and cybersecurity solutions are needed to meet the cybersecurity threats prevalent today, such as ransomware. Additionally, many native cloud SaaS security tools available to organizations depend on their specific cloud SaaS subscription. As a result, this opportunity for solutions and products will continue to be lucrative for private-sector cybersecurity markets for years to come.
With the tremendous surge in cloud migrations, both from government agencies and private-sector businesses, security and privacy concerns are among the most pressing topics for most companies, and with good reason. For example, according to estimates from Cybersecurity Ventures, there will be a new ransomware attack every 11 seconds in 2021. Ransomware can lock up business-critical data in on-premises and cloud SaaS environments quickly without proper cybersecurity mitigations and solutions in place.
SaaS Security Posture Management (SSPM) solution
Companies are looking for and need robust solutions that allow them to take charge of their security initiatives in the cloud, regardless of their cloud SaaS provider and subscription level. SpinOne is a next-generation SaaS Security Posture Management (SSPM) solution that provides customers with a world-class set of cybersecurity tools driven by artificial intelligence (AI) and machine learning (ML). In addition, SpinOne provides security automation that allows organizations to protect cloud environments from ransomware attacks. It offers a seamless approach for ransomware protection and remediation compared to the manual intervention steps required with native cloud SaaS security tooling.
There is no question that the new technology solutions for both government and private-sector businesses will provide new and exciting economic opportunities for MSPs and resellers using cybersecurity solutions such as SpinOne to bolster the cybersecurity posture of cloud environments. In addition, governments, such as the United States, have a keen interest in protecting against the nation-state and cybercriminal attacks, threatening to disrupt services for large numbers of the population. The spending allocated in the American Jobs Plan shows the buy-in from the U.S. government to improve the cyberinfrastructure of critical infrastructure services as well as the governmental departments.
Where these two points intersect will mean stronger cybersecurity protections for critical infrastructure services and businesses in general. It will also provide tremendous fiscal opportunities as government organizations, and private corporations invest in modern cybersecurity solutions.
Take a closer look at the ransomware protection automation provided by SpinOne here.