White House Issues Executive Order on Cybersecurity

On May 12, 2021, the White House issued an Executive Order (EO) on cybersecurity titled "Improving the Nation’s Cybersecurity."

The EO claims to make a significant contribution towards modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the government and private sector, and strengthening the nation’s ability to respond to incidents. Influenced by several high-profile cyber incidents including the Colonial Pipeline and SolarWinds, the EO targets several cyber initiatives including:

Remove Barriers to Threat Information Sharing Between Government and the Private Sector.

The Executive Order ensures that IT Service Providers are able to share information with the government and requires them to share certain breach information.

Modernize and Implement Stronger Cybersecurity Standards in the Federal Government.

The EO helps move the Federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption within a specific time period.

Improve Software Supply Chain Security.

The EO will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available.

Establish a Cybersecurity Safety Review Board.

The EO establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity.

Create a Standard Playbook for Responding to Cyber Incidents.

The EO creates a standardized playbook and set of definitions for cyber incident response by federal departments and agencies. The playbook will ensure all Federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat. The playbook will also provide the private sector with a template for its response efforts.

Improve Detection of Cybersecurity Incidents on Federal Government Networks.

The EO improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government. The Federal government should lead in cybersecurity, and strong, Government-wide Endpoint Detection and Response (EDR) deployment coupled with robust intra-governmental information sharing are essential.

Improve Investigative and Remediation Capabilities.

The EO creates cybersecurity event log requirements for federal departments and agencies. Poor logging hampers an organization’s ability to detect intrusions, mitigate those in progress, and determine the extent of an incident after the fact.

While the consensus is that the intentions of the EO are in the right place, industry experts debate whether good intentions will have an immediate impact on the rampant cybersecurity attacks affecting the federal and private sectors. It is important to remember that EOs are not statutes, but rather formal documentation of policy directives and expressions of a president’s opinion – and without Congress’s support, they are not enforceable on the private sector.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
