As Federal agencies approach the six-month mark since President Biden issued his Cybersecurity Executive Order (EO) in May, Federal officials are pointing to the zero trust, supply chain risk management, and data aspects of the EO as the greatest opportunities to make a difference in shoring up security.
Officials from the Department of Energy (DoE), Health and Human Services (HHS), and industry also emphasized the importance of collaboration during a panel discussion at MeriTalk’s Cyber Central: Defenders Unite virtual event on October 28.
“We’re going to get to a complete zero trust situation where we don’t trust any person or any resource without authenticating them on every system, and that we’ve identified high-value assets that get particular attention,” DoE CIO Ann Dunkin said at the event. “I think that particular activity is going to be incredibly valuable for DoE because we have such a wide range of assets in our environment.”
The Cyber EO, Dunkin said, has “one more thing and that is the supply chain risk management piece, and supply chain risk management has been undervalued.” She continued, “We started talking about it a while ago, but I don’t think we put a lot of serious effort in supply chain risk management across the government, or even across industry.”
Robert Tagalicod, chief of cybersecurity and privacy communications and engagement at HHS, agreed with Dunkin on both points and added that the data portion of the EO also carries an opportunity to make the biggest difference in the Federal cybersecurity space.
“What I’d like to pull back and talk about as a data guy – rather than a cybersecurity person – is clearly thematically and practically the importance of data in the executive order, its availability for review, analysis, and decision making,” Tagalicod said. “And the importance of partnership and collaboration and the use of that data in that partnership, and collaboration in any coordinated rapid response, especially regarding remediation and resiliency efforts.”
Tagalicod talked about data as a running theme in the Cyber EO, whether in the sharing of threat details and analysis, in zero trust architectures, in the Continuous Diagnostics and Mitigation (CDM) program, or in collaborating on threat response.
Along those lines, David Treece, the director of solutions architecture at Yubico, pointed to data and the need to develop phishing-resistant multi-factor authentication as two big priorities for both industry and the Federal government. The private-public partnership becomes most fruitful when industry and government work together to get to the next level of cybersecurity, he added.
“It’s constantly innovating and working together, and taking those standards and then building products and tools that can actually be able to be leveraged across the board,” Treece said.
To hear the full panel discussion, please visit Cyber Central: Defenders Unite.