Are You Ready to (Executive) Order?

Written by Desi Gavis-Hughson

December 7, 2021

We’ve all been there. That harrowing moment at the restaurant when the waiter comes to the table and asks that fateful question: “Are you ready to order?”

I don’t know about you, but I am almost never ready. Do I want chicken or steak? I’ve eaten a lot of meat this week… Should I opt for fish or a vegetarian option instead? Oh, God. I forgot to check the reviews online. What do other people like the best? Cue heart palpitations.

What’s worse, the internal anxiety begins to manifest externally: sweaty palms, fidgeting, the whole nine. Many of the federal agencies (and the channel partners that work with them) I’ve had the pleasure of talking to over the past several months feel the same way about Biden’s executive order on cybersecurity.

For those of you who aren’t familiar, in May 2021 the Biden Administration announced Executive Order (EO) 14028: Improving the Nation’s Cybersecurity. As the name suggests, it emphasizes cybersecurity as a national priority and mandates each federal agency to adapt to today’s continuously changing threat environment. In this blog post, I’ll walk through the key points in the EO.

Removing Barriers to Threat Information Sharing Between Government and the Private Sector

According to the fact sheet on the EO put out by the White House, Executive Order 14028 ensures that IT service providers are able to share information with the government. It also requires them to share certain breach information. This is super important; IT service providers aren’t always willing to share info about a compromise, especially regarding their own security breaches.

It’s a lot like the restaurant reviews I mentioned earlier. Let’s say some folks get food poisoning from your favorite Italian spot, and a few upset (in both stomach and countenance) customers leave bad reviews on Instagram. The restaurant may choose to delete the comments because it paints them in a bad light, but what’s in the best interest of the community? It’s important to share this information, even when it doesn’t benefit the restaurant or the provider.

The same is true when it comes to security breaches, and ultimately, as a customer, I’m going to want to engage (and dine) with providers who are transparent. To bring it full circle, federal agencies need to know breach information that may impact government networks. It’s necessary to enable more effective defenses of federal departments, and to improve the nation’s cybersecurity as a whole.

Modernizing and Implementing Stronger Cybersecurity Standards in the Federal Government

We’ve all heard it before: zero-trust architecture. The EO also helps move the federal government to secure cloud services via a zero-trust architecture, mandating the deployment of multifactor authentication and encryption within a specific time period.

I can’t count the number of times I’ve been to a restaurant with AMAZING word-of-mouth and online reviews, only to find that the food and experience are subpar. The lesson is clear: Trust no one.

For those of us in the observability space – and yes, that includes security – it’s essential to have a way to encrypt your data in flight, to make sure certain logs, metrics, and events are only accessible to those with the appropriate roles, and to ensure that access is updated as roles shift over time.

Improving Software Supply Chain Security

Next on the list: Establishing baseline security standards for software development for tools being sold to the government. The EO demands visibility into this sort of software, as well as public visibility into their security data. You’d want to know if your dinner choice for the evening is up to code, wouldn’t you?

As new tools are being developed for use by federal agencies, it’s essential that the providers’ development and operations teams are transparent regarding how secure their tools are. Once these tools are implemented, the teams behind these tools need to continue that transparency as standards and regulations change. This EO holds them accountable.

Establishing a Cybersecurity Safety Review Board and a Playbook for Incident Response

If (and when) something happens, you need a game plan. And what exactly qualifies as “something?” The Executive Order creates a standardized playbook and set of definitions for cyber incidents and the subsequent response by federal departments and agencies. The idea is simple: Our government doesn’t have the luxury of waiting until a breach happens to figure out who should respond to it, or how.

Let’s return to our very unfortunate restaurant example. If a patron gets food poisoning, the team in charge of the response often has a significant influence on what the response will be. The restaurant executive team might shell out additional cash to cover any needed medical bills and court costs. Kitchen staff may choose to switch up their menu or BOH practices. And the front of the house? Bring on the apologies and coupons.

When considering something as vital as the federal government, the response simply cannot vary in this way. The Executive Order establishes a cybersecurity safety review board and insists on a playbook for incident response, giving stability to events that could otherwise be earth-shattering.

Improve Detection of Cybersecurity Incidents on Federal Government Networks and Better Their Investigative and Remediation Capabilities

And Joe Schmoe getting food poisoning is a lot different than Drake getting food poisoning. Think of the bad press! What if you could tell who was going to walk into your restaurant ahead of time?

Lastly, the Executive Order – to quote it directly – “improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response (EDR) system and improved information sharing within the Federal government.” It also creates cybersecurity event log requirements for federal departments and agencies with the goal of detecting intrusions, mitigating those in progress, and assessing the damage after the fact.

Robust and consistent logging practices solve much of this problem. Agencies don’t necessarily need to channel Ms. Cleo, but the EO gives these groups a leg up on proactively identifying malicious actors and responding accordingly. Better safe than sorry.

“Check, Please!”

The Biden Administration’s May 2021 Cybersecurity Executive Order establishes cybersecurity as a national priority and lays out new requirements for logging maturity and retention. Hopefully, this blog post helped you better understand the specifics.

Wondering how your agency will comply with the EO? Cribl LogStream can help. Join us for an exclusive session on Wednesday, December 15, where we’ll walk through how Stream can help federal agencies:

  • Meet requirements at each tier of logging maturity (EL1, EL2, and EL3)
  • Adhere to zero-trust principles on access and architecture via role-based access controls, encryption of data in-flight, and more
  • Store data in the right formats for the right time frames with ease
  • Increase log retention while maximizing investments in current infrastructure and analysis tools

I hope to see you there!

In our next blog post, we’ll break down the follow-on guidance in the accompanying memo from the Office of Management and Budget (OMB), M-21-31.
