DHS Cyber Leaders Say Biden Cyber Order is a Long-Term Roadmap
Cyber vulnerabilities in federal agencies’ supply chains aren’t going away any time soon, and addressing them will take a consistent, concentrated effort.
Department of Homeland Security cyber leaders see President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity as the beginning of a “journey” to develop more comprehensive, consistent cybersecurity strategies at federal agencies.
This journey, they said, will help federal agencies deploy emerging technologies safely and securely to dramatically improve mission delivery.
The Office of Management and Budget is putting together a cloud security strategy “focused on zero trust that will probably be going out for public comment around the 90-day mark (of the executive order). All of this comes together to help guide agencies in a standard and consistent direction over the next couple years as we continue to make progress here,” said CISA Deputy Assistant Director of Cybersecurity Matt Hartman at an ACT-IAC Homeland Security Forum last week.
The 90-day mark of the executive order is Aug. 10. Iranga Kahangama, director of cyber incident response at the National Security Council, said the order was a “direct response” to the SolarWinds hack discovered in December 2020.
“Many of these EO tasks are sprints to develop architectures or roadmaps, and these are the initial milestones that will set additional milestones that will commence multi-year journeys,” Hartman said. “Many of the core issues being addressed will only be solved through years, literally years, of focus and investment.”
At DHS, CISO Kenneth Bible said he’s focused on creating consistent cyber “roadmaps” to bulwark the network against cyber threats.
“If I understand the control environment and can map that consistently, I can alleviate some of the risk to the organization and have a more seamless path to an [authority to operate],” he said during the forum. “What I’m talking about in terms of that framework is to understand the threat and how the threat maps to the controls and map the controls to my technical solution.”
Alethea Duhon, associate director for analysis at CISA’s National Risk Management Center, said federal agencies also need to focus on securing their entire IT supply chains.
“Everything connects in the supply chain to how we acquire components. That’s why it’s so important for networks to be secure,” she said during the forum. “Data travels overseas. We’re guided by three principles: risk management, stakeholder engagement and technical assistance. Everything connects.”
Carole House, director of cybersecurity and secure digital innovation at the National Security Council, said the Biden administration has “really been pushing” for a national security strategy for 5G to mitigate “significant national security risks posed by high-risk suppliers.”
But network decentralization at federal agencies is also a national security risk.
“On the paradigm shift to decentralization, there’s a lot of potential benefits with networking and decentralized ledger techs, future identity management developments, financial access and inclusion, decentralization of payments has a lot of really great potential to facilitate peer-to-peer interactions,” House said at the forum. “There’s great potential for innovation, but they can also be exploited, the way any tech or software can be used for good, can be used for bad, and the vulnerabilities that exist depend on how they’re designed.”
As Bible pointed out, “The problem with [software as a service (SaaS)] isn’t really SaaS,” it’s the components and suppliers that make SaaS. Federal agencies need to work on understanding their software supply chains and their network supply chains as they prepare for 5G.
“What I see here is there’s no single stakeholder that can comprehensively manage systematic risk,” Duhon said. “It takes a village. We all have to build that trust. We have to collaborate.”