Attivo Networks Blogs

Cybersecurity Execs Weigh In On Biden Executive Order

SDxCentral logo

U.S. President Biden late Wednesday signed a long-awaited executive order intended to improve the country’s cybersecurity and protect federal networks.

The move follows some of the worst attacks against U.S. networks and critical infrastructure including SolarWinds, the Microsoft Exchange hack, and, most recently, the ransomware attack against Colonial Pipeline that took down the country’s largest fuel line.

Biden’s directive requires federal agencies and software suppliers to report breach information, and it establishes a Cybersecurity Safety Review Board co-chaired by government and private-sector experts. The board will analyze major hacks and recommend actions to improve cybersecurity after an attack occurs.

It also requires that software sold to the government meets baseline security standards, and it mandates cybersecurity event log requirements for federal departments and agencies. It also creates a standardized playbook for incident response by these agencies.

Additionally, the executive order mandates federal agencies adopt several security best practices including zero-trust architectures, multi-factor authentication, and encryption for data at rest and in transit.

“It’s the first time our government has attempted to rewrite its cybersecurity blueprint in nearly two decades, and it comes not a day too soon,” wrote Illumio CEO Andrew Rubin in a blog post. Rubin led a team that helped to contribute to the executive order’s zero-trust language.

As expected, security professionals expressed mixed reactions to the directive with some applauding the White House’s action and others saying that it doesn’t go far enough.

Tenable CEO Amit Yoran, who was the founding director of the U.S. Computer Emergency Readiness Team (US-CERT), called it “one of the most detailed and deadline-driven EOs [executive orders] I’ve seen from any administration. In the wake of a seismic attack, like SolarWinds, this is incredibly encouraging to see.”

Toran pointed specifically to the new breach notification requirements for software suppliers and baseline security standards for software sold to the government. “This speaks directly to the gaping supply chain security issues that SolarWinds brought to attention — one broken chain link can bring down the entire fence,” he said. “While these practices won’t prevent all supply chain breaches, it’s an important step forward.”

Security standards and best practices “can uplift not just the security of the software industry but the overall level of cybersecurity in our economy,” wrote Mark Weatherford, SecurityScorecard advisor and former deputy undersecretary for cybersecurity at the Department of Homeland Security, in a blog post.

However, while the White House directive will bring greater transparency to the federal government’s software marketplace, “the logical next step is to bring similar transparency to the security of vendors and third parties in all industries,” added SecurityScorecard co-founders Alex Yampolskiy, CEO, and Sam Kassoumeh, COO.

Attivo Networks CTO Tony Cole, a retired U.S. Army cybersecurity analyst who helped build the Army’s security infrastructure around the globe, called the executive order “a good first step.” But, he added, it needs “a lot more action.”

Threat-information sharing between government agencies and private companies is particularly important in hardening the nation’s security posture, Cole said.

“The administration plans actions to remove roadblocks currently in place stopping companies and agencies from sharing threat information with each other,” he added. “That’s good, however incentives will also be needed since the mandated information sharing initiatives are limited to contracted companies doing business with the federal government or federally regulated organizations.”

And while information sharing should be a focus for the Biden administration, the executive order should have put more emphasis on detecting threats that have already breached firewalls and now can move laterally inside an organization’s environment, Cole continued.

“Zero trust, endpoint detection and response, and multi-factor authentication are all called out in the EO,” he said. “However previously unknown vulnerabilities (zero day) being actively exploited have the potential to easily circumvent MFA, EDR, and potentially components of zero trust. A focus must be placed on lateral movement detection, protecting credential systems, privilege escalation, and related active directory systems.”

Cole cited Verizon’s latest Data Breach Investigation Report, released this week, that found 61% of breaches involved credentials. “Determined attackers will make it inside the enterprise defenses, and early detection of them is key to mitigating the impact and ensuring they are stopped before completing their goals,” he said. “The SolarWinds supply chain breach took a sophisticated cybersecurity company nine months to detect. More importantly, no one else detected it. Detection is the key to stopping impact.”

The executive order, several weeks in the making, follows a concerted anti-ransomware push by the government and private companies. Late last month, the Justice Department created a task force to curb ransomware, and a week later the private-sector-led Ransomware Task Force issued 48 recommendations that it says will disrupt the ransomware business model and mitigate the impact of these attacks.

Cisco is among the 60-plus members of the group, and Matt Olney, director of Talos threat intelligence and interdiction at Cisco, said the federal government needs to get more aggressive in its threat-hunting and response actions against adversaries. “We still need more aggressive engagement against those adversaries that threaten critical infrastructure,” he said. “And we hope that approaches such as those recommended by the Ransomware Task Force will be adopted to pair with the changes highlighted in the executive order.”

Read the original article by Jessica Lyons Hardcastle on SDxCentral.

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

11 − 2 =

Ready to find out what’s lurking in your network?

Scroll to Top