Welcomed Progress: Cybersecurity Executive Order Aims to Improve Nation’s Cyber Posture
Cybersecurity is not a partisan issue; it is a national security issue. While previous administrations have issued cybersecurity-related executive orders with clear calls-to-action for federal agencies to follow, this executive order is significant given the recent cybersecurity incidents.
From SolarWinds to Colonial Pipeline, the increasing volume of cyber attacks has shown how incidents can significantly disrupt operations and critical infrastructure. Continually escalating cyber threats make action imperative for federal agencies and is why Forescout strongly supports the core elements of the Biden Administration’s Executive Order on Improving the Nation’s Cybersecurity (EO).
The May 12 EO seeks to move federal civilian agencies toward a zero trust architecture; mandates the adoption of endpoint detection and response initiatives to support proactive detection of cybersecurity incidents within federal government infrastructure; and seeks to accelerate the move to secure cloud infrastructure (e.g. Software-as-a-service, infrastructure-as-a-service, platform-as-a-service). The EO also directs a robust level of cybersecurity information sharing, and to that end, requires that civilian agencies’ object level data are available and accessible to the Cybersecurity and Infrastructure Security Agency (CISA); the mechanism for capturing this data is the Continuous Diagnostics and Mitigation (CDM) program.
To meet this object level data sharing requirement, agencies must be confident in their ability to provide CISA with accurate data, this begins with data about hardware assets – which is also the first and foundational phase of the CDM program otherwise known as Hardware Asset Management (HWAM).1 HWAM includes discovering connected devices well beyond traditional endpoints like laptop or desktop computers, to printers, mobile phones, sensor-driven Internet of Things devices and even connected operational technology devices like building automation systems. Missing any percentage of networked devices can weaken confidence that what agencies report to CISA reflects their true IT environments and will degrade master endpoint record quality. It also seriously impedes agencies’ and CISA’s ability to make the risk-based decisions with which they are tasked. While the provision to capture object level data may not have captured headlines, it will play a significant role in the government’s ability to make risk-informed decisions and conduct incident response activities in the event of another SolarWinds-type event. Data sharing is a welcome call-to-action that will help civilian agencies meet key security objectives and greatly improve the federal network’s security posture.
CDM will serve as a core component to the federal government’s move to a zero trust architecture. Focused on the principle of “never trust, always verify”, zero trust includes an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets and resources. It is largely a response to enterprise network trends that include remote users, bring your own device (BYOD), and cloud-based assets that are not located within an enterprise-owned network boundary. NIST SP 800-207 guidance defines three core logical components that a zero trust architecture must include: policy engine, policy administrator and policy enforcement point. Data sources such as a CDM system, threat intelligence feed, data access policies, an ID management system among others will feed real time information to the policy enforcement point which will decide whether to grant or deny access requests to information resources. As the long list of data sources suggests, Zero Trust is not about a singular product; it is about multiple products that will need to work together. Forescout’s integration-centric approach is built on these principles. Our platform is designed for easy integration enabling true Zero Trust-level security that agencies require.
It is encouraging that the federal government has prioritized cybersecurity by issuing this Executive Order at this critical time. That action sets the government and the country firmly on a path toward a more secure future. Forescout is committed to working closely with our valued agency customers, as well as the integrators and partners on whom those customers rely, to pursue the aims of the Executive Order and strengthen our national security posture.
Click here for more information on how Forescout is supporting the CDM program.