President Biden signed an executive order on Wednesday, May 12, 2021, that aims to bolster the cybersecurity defenses of federal systems and the contractors that support them.
The order comes in the wake of a series of major cyberattacks, including the Colonial Pipeline ransomware attack, which began on Thursday, May 6, and led the operator to shut down 5,500 miles of pipeline across the United States.
“This ransomware attack does rise to the level of the Biden administration taking a hard look at ransomware and treating it like a true national security threat,” said Mike Behrmann, Director of Security at Blumira. “These threats need to be taken even more seriously because of the probability of which they can happen.”
Why Is It Important?
The order requires IT service providers that contract with the federal government to report certain information about cyber incidents affecting government systems, and directs agencies to remove the contractual barriers that currently limit such information sharing.
The order reads, “Removing these contractual barriers and increasing the sharing of information about such threats, incidents, and risks are necessary steps to accelerating incident deterrence, prevention, and response efforts and to enabling more effective defense of agencies’ systems and of information collected, processed, and maintained by or for the Federal Government.”
There must be strong public-private partnerships that make it easier for companies to report a cybersecurity incident, said Behrmann, who previously worked at the National Security Agency and the FBI.
The National Cyber Forensics and Training Alliance, for example, brought together law enforcement, cybersecurity academics, and the commercial sector in a safe place where they could exchange ideas.
“What’s most important is being able to quietly but helpfully report cyber incidents,” he said. “Corporations don’t necessarily want a lot of publicity when something like this happens.”
The White House order also requires that federal agencies, and the IT and cloud service providers that work for them, “provide logs to the Secretary of Homeland Security through the Director of CISA and to the FBI.”
The Biden administration’s decision to empower CISA is particularly noteworthy, Behrmann said.
“Not only will the CISA now essentially carry the flag for other agencies to follow suit, but they are also part of the Department of Homeland Security, which has been very slow to be given any real juice within the federal government framework.”
“To me, this speaks to the CISA’s public efforts providing public guidance on major threats such as the Russian SVR and SolarWinds in their capacity as US-CERT,” he continued.
The initiative also orders FCEB (federal civilian executive branch) agencies to deploy an EDR (endpoint detection and response) initiative to “support proactive detection of cybersecurity incidents within Federal Government infrastructure, active cyber hunting, containment and remediation, and incident response.”
“Explicitly recognizing proactive detection is something that we prescribe to all of our clients at Blumira,” Behrmann said. “Mandating this across federal agencies is just plain smart, and should only bolster each agency’s cybersecurity posture away from a purely reactive model.”
“The EDR initiative is a good example of why Sysmon is so useful and powerful on the host,” added Matt Warner, CTO of Blumira. “Continuing that pattern will only help.”
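As an added illustration of the kind of host telemetry the EDR mandate and the Sysmon remark above refer to, here is a small detection pass over Sysmon Event ID 1 (process creation) records. This is example code written for this page, not code from the executive order or from Blumira; the records are constructed sample data in Sysmon’s XML event layout, and the three rules (an Office application spawning a shell, an encoded PowerShell command line, and svchost.exe running outside the system directories) are my own assumptions about what a proactive hunt might look for, not anything the article prescribes.

```python
"""Minimal detection pass over Sysmon Event ID 1 (process creation) records.

Added example, not code from the executive order or from Blumira. The
records are constructed sample data in the XML layout Windows exposes for
Sysmon events; the rules are assumed hunt heuristics, not an official list.
"""
import ntpath
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Namespace used by Windows event XML (Sysmon writes into the same schema).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumed rule inputs: Office parents, script/shell children, encoded-command
# flags, and the directories a legitimate svchost.exe is expected to live in.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
          "cscript.exe", "mshta.exe"}
ENCODED_FLAG = re.compile(r"(?i)(^|\s)-(e|ec|en|enc|encodedcommand)(\s|$)")
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def sysmon_event(image: str, command_line: str, parent_image: str) -> str:
    """Build a constructed Sysmon Event ID 1 record (sample data, not telemetry)."""
    return f"""<Event xmlns="{NS['e']}">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>1</EventID></System>
  <EventData>
    <Data Name="Image">{escape(image)}</Data>
    <Data Name="CommandLine">{escape(command_line)}</Data>
    <Data Name="ParentImage">{escape(parent_image)}</Data>
  </EventData>
</Event>"""


# Constructed sample records: three suspicious, two benign.
SAMPLE_EVENTS = [
    sysmon_event(r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    sysmon_event(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -NoP -W Hidden -enc SQBFAFgA", r"C:\Windows\explorer.exe"),
    sysmon_event(r"C:\Users\alice\AppData\Local\Temp\svchost.exe", "svchost.exe",
                 r"C:\Windows\explorer.exe"),
    sysmon_event(r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt",
                 r"C:\Windows\explorer.exe"),
    sysmon_event(r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs",
                 r"C:\Windows\System32\services.exe"),
]


def parse_event(xml_text: str) -> dict:
    """Flatten one event into {field name: value} plus an integer EventID."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "")
              for d in root.iterfind("e:EventData/e:Data", NS)}
    fields["EventID"] = int(root.findtext("e:System/e:EventID", namespaces=NS))
    return fields


def evaluate(fields: dict) -> list:
    """Return the names of the assumed hunt rules this process-creation record trips."""
    if fields.get("EventID") != 1:
        return []
    image = ntpath.basename(fields.get("Image", "")).lower()
    parent = ntpath.basename(fields.get("ParentImage", "")).lower()
    command_line = fields.get("CommandLine", "")
    hits = []
    if parent in OFFICE_APPS and image in SHELLS:
        hits.append("office_app_spawned_shell")
    if image in {"powershell.exe", "pwsh.exe"} and ENCODED_FLAG.search(command_line):
        hits.append("encoded_powershell")
    if image == "svchost.exe" and ntpath.dirname(fields["Image"]).lower() not in SYSTEM_DIRS:
        hits.append("svchost_outside_system32")
    return hits


def scan(events: list) -> list:
    """Return (Image, matched rules) for every record that trips at least one rule."""
    findings = []
    for xml_text in events:
        fields = parse_event(xml_text)
        hits = evaluate(fields)
        if hits:
            findings.append((fields["Image"], hits))
    return findings


if __name__ == "__main__":
    for image, rules in scan(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(rules)}")
```

Run it on a Windows host by exporting Sysmon events from the `Microsoft-Windows-Sysmon/Operational` channel as XML and feeding each record to `parse_event`; the benign records (notepad.exe from explorer.exe, svchost.exe from services.exe inside System32) produce no findings, which is the point of pairing every rule with a normal case before turning it on.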