The White House’s new National Security Memorandum will have wide-reaching implications
Are You Ready?
After the crippling SolarWinds fiasco and several high-profile attacks on Critical Infrastructure (CI), the White House started a big push on cybersecurity, kicking it off with the signing of Executive Order (EO) 14028 in May of 2021. EO 14028 was developed with CI entities in mind. So far it has resulted in more than 150 utilities serving 90 million Americans committing to deploy cybersecurity technologies.
Now, on January 17, 2022, President Biden has signed a National Security Memorandum (NSM) to expand its efforts to “modernize cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur. The Executive Order uses the federal government’s buying power to drive security in the software and systems we all use.” This NSM requires that, at minimum, National Security Systems employ the same network cybersecurity measures as those required of federal civilian networks in Executive Order 14028.
The new NSM has four main functions. It:
- Specifies how the provisions of EO 14028 apply to National Security Systems
- Improves the visibility of cybersecurity incidents that occur on these systems
- Requires agencies to act to protect or mitigate a cyber threat to National Security Systems
- Requires agencies to secure cross domain solutions – tools that transfer data between classified and unclassified systems
Zero Trust is the next wave in cybersecurity – are you ready to ride it?
The White House is pushing forward with a full head of steam to a Zero Trust paradigm, so it’s time to know exactly what that is and how to effectively leverage it. The Zero Trust (ZT) model of cybersecurity is a real thing, even accepted by NIST (National Institute of Standards and Technology) and included in the NIST 800-207 framework, which many industries and sectors are using as the documentable baseline for security. It’s also a key component in the MITRE ATT&CK® framework. In a Zero Trust model, there is no such thing as a trusted source. It assumes potential attackers are present both inside and outside the network. With the Zero Trust “never trust, always verify” approach, every request to access the system must be authenticated, authorized, and encrypted. It is a giant step up from the previously accepted model of “trust but verify,” which automatically granted trust to anyone inside the perimeter of the network, leaving organizations vulnerable to insider attacks, and it really went off the rails once businesses migrated to the cloud.
With the government spearheading the way, it’s only a matter of time before this Zero Trust architecture sweeps through everything, as evidenced by the explosion of Two-Factor (2FA) and Multi-Factor Authentication (MFA), key elements of the Zero Trust method because they constantly require one or more extra steps to verify a user’s identity.
For Zero Trust to be fully realized, you also need strong endpoint detection and response (EDR) capabilities. Thankfully, the world of EDR has come a long way, with XDR (eXtended Detection and Response) leading the charge. XDR correlates EDR, network, email, cloud, and other data from across the enterprise – and across environments – into a single view in the Security Operations Center (SOC), while using automation and machine learning to provide threat analysts and the SOC team with more accurate threat detection and improved response times. Basically, someone is always watching and ready to react.
GDF Can Help
There are a few things that every organization needs to do to stay on the forefront of cybersecurity, and GDF can help every step of the way:
- Vulnerability assessments performed by experienced and certified cyber security professionals
- Handling your annual/bi-annual penetration testing needs to identify weaknesses in your security chain so they can be rectified
- Testing applications for unwanted malware and/or other vulnerabilities
- Conducting deep scans to identify and neutralize any resident malware like rootkits and RATs
- Providing you with detailed documentation on your cybersecurity posture for audits, clients, investors, or whoever else needs to be apprised of your cybersecurity status
- Full XDR solutions
- And more…
So stay ahead of the curve, protect your valuable digital assets, and be ready for the requirements your industry mandates (or is about to). Fill out the form below, or better yet, call GDF today at 1-800-868-8189 and let’s get started.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cybersecurity and emergency incident response, with years of experience assisting clients in the government, banking, legal, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to call 1-800-868-8189 for immediate help. For more information, visit GDF's cybersecurity page.