In June, the National Institute of Standards and Technology (NIST) released a formal definition, another 3,300 words of dense material that lays out some new ground rules. The Executive Order did spell out a strategy to get to that definition, however, giving the secretary of commerce 45 days to formally define critical software. The catch: At the time of the order's release, no one really knew what critical software was, much less how to protect it. One of the most talked-about components of the order involves a mandate to "enhance the security of the software supply chain," which includes developing plans to lock down what the order calls critical software.
As the official running the briefing noted at the time, we now find ourselves under "constant, sophisticated, and malicious attack- from nation-state adversaries to run-of-the-mill criminals."Įxecutive Order 14028 is more than 8,000 words in length and runs the gamut from requiring threat and incident information to be shared among competitors to mandating implementation of zero trust architectures across all government agencies.
The government briefing mentioned recent high-profile attacks against important physical infrastructure and Internet security services. That was the unvarnished message delivered by the Biden administration in May, when officials unveiled an Executive Order designed to "chart a new course to improve the nation's cybersecurity and protect federal government networks." The order wasn't the usual lip service about the importance of computer security but rather was intended as a wake-up call to industry about the need for new safeguards.
0 kommentar(er)
