Showing posts with label Government. Show all posts
Showing posts with label Government. Show all posts

Wednesday, May 12, 2021

Biden's cybersecurity order mandates zero-trust for federal networks

In the wake of recent cybersecurity incidents, notably SolarWinds, Microsoft Exchange, and Colonial Pipeline, President Biden signed an executive order aimed at improving the nation's cybersecurity posture. 

Here are the highlights:

Remove Barriers to Threat Information Sharing Between Government and the Private Sector. The Executive Order ensures that IT Service Providers are able to share information with the government and requires them to share certain breach information. 

Modernize and Implement Stronger Cybersecurity Standards in the Federal Government. The Executive Order helps move the Federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption with a specific time period.  The Federal government must increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.

Improve Software Supply Chain Security. The Executive Order will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available. It stands up a concurrent public-private process to develop new and innovative approaches to secure software development and uses the power of Federal procurement to incentivize the market. Finally, it creates a pilot program to create an “energy star” type of label so the government – and the public at large – can quickly determine whether software was developed securely. 

Establish a Cybersecurity Safety Review Board. The Executive Order establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity. 

Create a Standard Playbook for Responding to Cyber Incidents. The Executive Order creates a standardized playbook and set of definitions for cyber incident response by federal departments and agencies. The playbook will ensure all Federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat.  The playbook will also provide the private sector with a template for its response efforts.

Improve Detection of Cybersecurity Incidents on Federal Government Networks. The Executive Order improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government.

Improve Investigative and Remediation Capabilities. The Executive Order creates cybersecurity event log requirements for federal departments and agencies. 

https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/

Monday, April 12, 2021

Biden nominates National Cyber Director and CISA Director

 President Biden will nominate Chris Inglis as the firstNational Cyber Director and Jen Easterly as the Director of the Cybersecurity and Infrastructure Agency. 


John Chris Inglis is a former Deputy Director of the National Security Agency.

Jen Easterly is a former Army intelligence officer and currently Head of Firm Resilience and the Fusion Resilience Center at Morgan Stanley.

https://www.whitehouse.gov/

Monday, August 13, 2018

BAE Systems partners with Flexera for government cloud migration

BAE Systems, the British defence, security and aerospace company, has formed a partnership with  Flexera to help government agencies moving to the cloud better manage their software licenses and more accurately plan and budget for their future information technology (IT) needs.

Specifically, BAE Systems will integrate Flexera’s  asset and license management tools into its scalable, hybrid cloud environment for government. The federated secure cloud, developed by BAE Systems and Dell EMC, is designed for any U.S. Intelligence Community, Department of Defense (DoD), or federal/civilian government organization.

Flexera is based in Itasca, Illinois.

“With our federated secure cloud, we’re helping government agencies rethink how they share data, analyze information, and collaborate across their enterprises real-time while remaining consistent with strict governance and security requirements,” said Peder Jungck, vice president and general manager of BAE Systems’ Intelligence Solutions business. “It’s only natural that we’d partner with Flexera – a company reimagining how government IT assets and software licenses are bought, sold, managed, and secured.”