Federal concerns about malicious cyber campaigns targeting public and private sectors prompted the new Executive Order on Improving the Nation’s Cybersecurity, issued in May 2021. An additional White House memo advocates for stronger software supply chain security and the implementation of cybersecurity best practices. These steps all point in the right direction towards better online security.
What is the Executive Order on Improving the Nation’s Cybersecurity?
As public and private sector organizations experience an increasing scale of
Some of these actions include a review of cloud contract requirements and the development of a federal cyber campaign detection and response strategy.
Federal agencies are also encouraged to implement Zero Trust policies that include
Visibility and Software Supply Chain Security Feature Throughout the Executive Order
The Executive Order highlights two major themes: visibility and software supply chain security.
Visibility: Federal agencies must review how Cloud Service Providers share threat data with federal departments. They must also develop policies “for logging, log retention, and log management, which shall ensure centralized access and visibility for the highest level security operations center of each agency.”
Software supply chain security: Vendors of commercially acquired software must demonstrate their ability to resist attacks and prevent tampering by malicious actors. Because many commercial products are built on open source software, the Executive Order advocates for a “Software Bill of Materials” (similar to a list of ingredients on a food product) to further validate commercial software as trustworthy.
Open Source Software
Products built on
A “Software Bill of Materials” serving as a list of trusted software ingredients strengthens software supply chain security and ensures code integrity.
Private Sector also Urged to Take Action
“All organizations must recognize no one is safe from being targeted by ransomware… But there are immediate steps you can take to protect yourself, as well as your customers and the broader economy.”, stated
Whether they serve the federal government or not, private organizations have the power and obligation to harden their security stance on ransomware. The White House memo recommends five best practices to mitigate the risk of a successful cyberattack:
Backup data, system images, and configurations; regularly test backups and keep them offline.
Update and patch operating systems, applications, and firmware promptly using a centralized patch management system.
Test incident response plans to identify gaps and determine if it is possible to maintain operations without access to certain systems.
Take advantage of third-party penetration tests to check the security team's work and the ability to defend against a sophisticated attack.
Separate networks supporting corporate business functions and manufacturing/production operations so one network can continue operating if the other is compromised.
How to Better Protect against Ransomware with a Password Manager
In addition to the best practices recommended in the White House memo, the Cybersecurity and Infrastructure Security Agency (CISA) has recently released a
Open source password managers like Bitwarden perform password health checks, support 2-Factor Authentication, and empower employees to develop cybersecurity best practices by giving them their own
Employees can better protect passwords from being compromised by:
Choosing stronger passwords
Identifying when passwords have been compromised (or when default passwords need changing)
Using additional credential protections such as 2-Factor Authentication, Single Sign-On, and biometric logins to better protect against ransomware and other cybersecurity threats
Learn how your organization can be more proactive in strengthening ransomware protection by using a password manager.
Take advantage of a