A senior Biden administration official said on July 18 that an important mandate under the administration’s Cybersecurity Executive Order – deployment of multifactor authentication and encryption technologies across Federal civilian networks – could be “fully deployed within six months.”
The senior administration official spoke to reporters and provided the executive order update during a call about the Biden administration’s announcement on July 19 that it was formally attributing the Microsoft Exchange software supply chain hack disclosed earlier this year on people connected with the Chinese government’s Ministry of State Security (MSS).
Speaking about the executive order, the senior administration official reiterated, “the administration has funded five cybersecurity modernization efforts across the federal government to modernize network defenses to meet the threat. These include state-of-the-art endpoint security, improving logging practices, moving to a secure cloud environment, upgrading security operations centers, and deploying multi-factor authentication and encryption technologies.”
“The latter could be deployed fully within six months,” the official said.
More generally, the official said the administration was up to date on the many project timelines featured in the executive order. “As you know, the EO contains aggressive but achievable implementation milestones, and, to date, we have met every milestone on time,” the official said.
The official also discussed four areas of progress on executive order items, including efforts by the National Institute of Standards and Technology to develop best practices for building secure software and setting standards to be used by vendors to test the security of their software, work by the National Information and Telecommunications Administration to publish minimum elements for a Software Bill of Materials, and efforts by the Cybersecurity and Infrastructure Security Administration to establish a framework to govern how Federal civilian agencies can securely use cloud services.
In addition, the official talked about ongoing work to address critical infrastructure vulnerabilities, and its launch in April of a pilot effort on Electricity Subsector security.
“Under this pilot, we have already seen over 145 of 255 priority electricity entities that the Department of Energy and DHS identified that service over 76 million American customers adopt ICS cybersecurity technologies to date, and the number keeps growing,” the official said.
“We’re going to follow this pilot with efforts – similar pilots for pipelines, water, and chemical because they all face the same threat and they all have similar gaps in cybersecurity technology rollout,” the official said.