Compliance & Risks
New US Executive Order Requires Zero Trust Security
Executive Order 14028 comes after a series of ransomware attacks targeting various US critical infrastructure, including Colonial Pipeline and a water supply system in Florida.
On May 12, 2021, US President, Joe Biden, issued Executive Order 14028 in an effort to strengthen the country's cybersecurity.
This comes after the cyberattack on one of the US's largest pipelines, Colonial Pipeline, temporarily stopping 40% of fuel supply. The order also comes months after the SolarWinds incident and an attempted attack on the Florida water supply.
The executive order tackles government policies and processes that will improve the US's cybersecurity posture. The operative portions of the order aim to coordinate government efforts and minimise compartmentalisation of cyber risk and attack response within the government. This will be done through the widespread use of the National Institute of Science and Technology (NIST) security frameworks.
Specifically, the mandate also pushes federal agencies to develop plans to implement a zero-trust approach for cybersecurity.
According to the order, the federal government should lead and increase its adoption of security practices, which includes a zero-trust security model. This will then accelerate movement to secure cloud services and consistently deploying foundational security tools.
On top of requiring zero-trust security, the mandate also aims to strengthen supply chain security by creating baseline security standards for the development of software sold to the US government. This means requiring developers to maintain"greater visibility into their software and making security data publicly available".
Additionally, the executive order aims to establish a cybersecurity safety review board co-chaired by government and private sector leads, create a standard playbook for responding to cyber incidents, and enhance the detection of cybersecurity incidents on federal government networks.
The mandate is a significant step toward the modernisation of the US's cybersecurity defences, aiming to strengthen the ecosystem and help prevent cyberattacks that may cause major emergencies.
As more and more threats emerge, governments need to implement various laws and regulations that will mitigate cyber risks. It is also vital for organisations to follow best practices and use premier cybersecurity solutions to future-proof their cybersecurity framework to secure their operations.
As a leader of cybersecurity solutions, Trend Micro ensures that security is at the core of our development and SaaS management processes. To learn more about our product security and certifications, click here.