DHS Cyber Leaders Say Biden Cyber Order is a Long-Term Roadmap
Cyber vulnerabilities in federal agencies’ supply chains aren’t going away any time soon, and addressing them will take a consistent, concentrated effort.

Department of Homeland Security cyber leaders see President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity as the beginning of a “journey” to develop more comprehensive, consistent cybersecurity strategies at federal agencies.
This journey, they said, will help federal agencies deploy emerging technologies safely and securely to dramatically improve mission delivery.
The Office of Management and Budget is putting together a cloud security strategy “focused on zero trust that will probably be going out for public comment around the 90-day mark (of the executive order). All of this comes together to help guide agencies in a standard and consistent direction over the next couple years as we continue to make progress here,” said CISA Deputy Assistant Director of Cybersecurity Matt Hartman at an ACT-IAC Homeland Security Forum last week.
The 90-day mark of the executive order is Aug. 10. Iranga Kahangama, director of cyber incident response at the National Security Council, said the order was a “direct response” to the SolarWinds hack discovered in December 2020.
“Many of these EO tasks are sprints to develop architectures or roadmaps, and these are the initial milestones that will set additional milestones that will commence multi-year journeys,” Hartman said. “Many of the core issues being addressed will only be solved through years, literally years, of focus and investment.”
At DHS, CISO Kenneth Bible said he’s focused on creating consistent cyber “roadmaps” to bulwark the network against cyber threats.
“If I understand the control environment and can map that consistently, I can alleviate some of the risk to the organization and have a more seamless path to an [authority to operate],” he said during the forum. “What I’m talking about in terms of that framework is to understand the threat and how the threat maps to the controls and map the controls to my technical solution.”
Alethea Duhon, associate director for analysis at CISA’s National Risk Management Center, said federal agencies also need to focus on securing their entire IT supply chains.
“Everything connects in the supply chain to how we acquire components. That’s why it’s so important for networks to be secure,” she said during the forum. “Data travels overseas. We’re guided by three principles: risk management, stakeholder engagement and technical assistance. Everything connects.”
Carole House, director of cybersecurity and secure digital innovation at the National Security Council, said the Biden administration has “really been pushing” for a national security strategy for 5G to mitigate “significant national security risks posed by high-risk suppliers.”
But network decentralization at federal agencies is also a national security risk.
“On the paradigm shift to decentralization, there’s a lot of potential benefits with networking and decentralized ledger techs, future identity management developments, financial access and inclusion, decentralization of payments has a lot of really great potential to facilitate peer-to-peer interactions,” House said at the forum. “There’s great potential for innovation, but they can also be exploited, the way any tech or software can be used for good, can be used for bad, and the vulnerabilities that exist depend on how they’re designed.”
As Bible pointed out, “The problem with [software as a service (SaaS)] isn’t really SaaS,” it’s the components and suppliers that make SaaS. Federal agencies need to work on understanding their software supply chains and their network supply chains as they prepare for 5G.
“What I see here is there’s no single stakeholder that can comprehensively manage systematic risk,” Duhon said. “It takes a village. We all have to build that trust. We have to collaborate.”