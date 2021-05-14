



By Dave Nyczepir May 13, 2021 | FEDSCOOP

If the government wants to implement Wednesday’s cybersecurity executive order on time, it must improve how it works with the industry, technical experts told FedScoop.

The executive order follows the recent hacks of the Colonial Pipeline, Microsoft Exchange, and SolarWinds, and the government is not equipped with the right tools and know-how to mitigate cyberattacks by nation-states or just hackers.

Terry Rydz, technology engagement manager at Dcode, told FedScoop that, given the known struggle of institutions to identify innovative technology companies that provide the cloud services needed to implement zero trust security, compliance may be delayed.

“What’s hindering, and what the government really needs to pay attention to, is the ability to leverage America’s innovation base,” Rydz said. “We’ve been working with technology companies that honestly have the technology to address many of these issues and have done it in the commercial sector for some time, but struggled to break into the federal government and cooperate.”

Dcode scrutinizes technology companies for federal missions and cyberprotection applicability and trains them to work with agencies.

The executive order sets a number of deadlines for updating Federal Acquisition Regulation and Defense Federal Acquisition Regulation Supplement contract requirements to increase the detail and speed with which companies share cyber threat and incident information with agencies.

“Some of the technology companies and traditional contractors who use our programs have been forced to investigate more internally the security and inherent risks associated with their IT systems and how they affect the security of government clients,” said Lauren Strayhorn, technology engagement manager at Dcode.

It remains to be seen if the threat of losing government contracts will improve cyber protection, even though there was no market incentive.

However, Dorsey & Whitney partner Robert Cattanach said in a statement that the order would improve public-private communication.

“Require federal contractors to promptly disclose cyber events, establish lessons learned processes, and more closely verify the reliability of newly defined ‘critical software’ through the lens of the ‘Zero Trust Architecture’. Focuses on heavy orders in the process. Both attention and resources regarding the highly vulnerable elements of day-to-day functionality in both the public and private sectors,” said Cattanach.

Federal contractors did not immediately balk at the order’s timeline, which is “aggressive” by their own estimate.

Charles Herring, chief technology officer of security information and event management company WitFoo, said the government expects contractors to share their own intelligence, which they sell at a “premium,” and to prove that their code is secure before release.

“For years, the integrity of the source code has been rarely audited, so many software providers have access to safe development operating procedures, tools to test their code, and are safe. We’ve retrained our developers to use a coding approach and rewrote thousands of lines of code to be compliant,” Herring said. “It can be devastating for providers who neglect these hygiene procedures.”

But it is also the basis of a new security paradigm that the government is working on.

Lindsay Atherton, technology engagement manager at Dcode, said information breaches can occur quickly and reports can be embarrassing and frightening for tech companies and agencies, but are essential for maintaining national security.

“It will be essential for federal agencies to ponder not only what the requirements are in terms of reports from cloud service providers, but also the parameters that surround them, in order to create an environment of trust,” said Atherton.

Earlier federal cloud strategies that facilitated the migration of agencies to the cloud did not specifically emphasize the protection of these services.

This executive order changes that.

“First was the cloud, then the cloud smart. The executive order to improve national cybersecurity will lead us into the era of cloud security,” said Stephen Kovac, Zscaler’s vice president of global government and head of corporate compliance. “We encourage you to focus on developing cloud security strategies, technical reference architectures, and cloud governance security frameworks.”

Kovac added that the existing Federal Risk and Authorization Management Program and the Trusted Internet Connections 3.0 security framework should form the basis of “cloud security” for institutions modernizing their security.

Technical experts also praised the focus on strengthening cooperation between government and industry.

In a statement, Jason Oxman, President and Chief Executive Officer of the Information Technology Industry Council, said, “The focus on public-private partnerships in this executive order and the modernization and rationalization of federal information systems, networks and supply chains. Thank you for the meaningful steps to take. Working with the Biden-Harris administration to ensure that federal agencies and contractors have access to the right resources and support, while minimizing the potential impact on privacy, civil liberties and US competitiveness, we look forward to advancing our US cybersecurity goals.”

Agencies are also participating.

The Department of Homeland Security will take “immediate action” to carry out the order, said Secretary Alejandro Mayorkas.

“Today, an executive order allows DHS and inter-ministerial partners to modernize federal cybersecurity, expand information sharing, and dramatically improve the ability to prevent, detect, evaluate and correct cyber incidents,” Mayorkas said in a statement.

New legislation building on the executive order should be expected in the coming months.

Sen. Mark Warner, D-Va., chairs the Select Committee on Intelligence, which has been instrumental in driving important cyber legislation.

“This executive order is a good first step, but the executive order can only be done so far,” Warner said in a statement. “Parliament needs to step up and do more to address cyber vulnerabilities. I would like to work with governments and colleagues on either side of the aisle to fill these gaps. I am looking forward to it.”

