Biden ordered to enforce the zero trust structure

Content sources ： Safe cattle

In recent days, , President Biden of the United States has issued an executive order that the industry has long awaited （EO）, Designed to adopt “ Bold moves ” To modernize the US government's cyber security 、 Software supply chain security 、 Incident detection and response and overall resistance to threats . The presidential decree proposes six major measures ：

Policy support . Biden pointed out that , Incremental improvements will not give us the security we need ; contrary , The federal government needs to make bold changes and invest heavily , To defend the vital institutions that underpin the American way of life .

• Remove barriers that threaten information sharing
• Federal government network security modernization
• Enhance software supply chain security
• Set up a network security review committee
• Standardization of network security incident plan of the federal government

Biden's presidential decree emphasizes the key measures and best security practices of the federal government's cyber security modernization ：

Towards a zero trust architecture .（ Government sector ） The migration to cloud technology should adopt zero trust architecture where feasible .CISA In response to its current cyber security plan , Services and functions are modernized and upgraded , So that it can play a full role in the cloud computing environment with zero trust architecture ;

• Multi factor authentication and data encryption in static and transmission of cloud services ;
• Accelerate the transfer to secure cloud services , These cloud services include software as a service （SaaS）、 Infrastructure as a service （IaaS） And platform as a service （PaaS）;
• Centralize and simplify access to network security data , To enhance analysis 、 The ability to identify and manage network security risks ;
• Invest in technology and personnel to achieve the above modernization goals .

Although in recent years every US president has issued orders to strengthen national cyber security , But experts think , Compared with previous formal presidential orders , Biden's presidential decree is more detailed , And the chances of success are greater . Biden's presidential decree chose one “ Excellent ” The timing of the , A few days ago, the United States suffered an unprecedented cyber attack on its key infrastructure , Lead to Colonial Pipeline The oil pipeline is interrupted , And the fallout is not even SolarWinds、Exchange Server Cyber attacks are also regarded as the most serious cyber attacks suffered by the US government .

A key measure of President Biden's executive order is to strengthen the security of the supply chain , All federal software vendors are required to comply with strict rules regarding network security , Otherwise, there is a risk of being blacklisted . Final , The president's order plans to create a “ Energy Star ” label , So that both government and public buyers can quickly and easily check whether the software complies with the security development specifications .

Other measures include the establishment of “ Air crash investigation ” Network Security Review Committee , The committee will make suggestions for improvement after major events , And a standardized manual for responding to government events .

The presidential decree also provides for ： Government wide endpoint detection and response （EDR）, Improved information sharing within government and between the public and private sectors , And the requirements of federal government departments for event recording , To strengthen investigation and remedy .

The executive order was welcomed by security experts .

Sonatype CTO and founder of Brian Fox Think , This will require suppliers and software companies to take greater responsibility for the security of their code .

He added ：“ Although government intervention should not be taken to make enterprises take appropriate software security measures , But Biden made full use of the purchasing power of the federal government to improve software security , This is something that all countries can learn from and benefit from .”

Illumio CEO Andrew Rubin Biden also praised Biden's support for the security best practice zero trust model of distributed computing environment .

He said ：“ The Biden Administration issued a comprehensive executive order , Finally admitted the failure of the outdated federal network security model , And opened the first iteration of the new security design —— A new government network security architecture based on zero trust .”

“ Security （ excessive ） Confidence is not just an American problem , A federal problem or policy problem , It's a global problem . therefore , I strongly support this executive order . This is a call for global governments to take action , We need to change the way we protect ourselves . With this new executive order 、 This new zero trust blueprint , We will move towards a safer future .”

If you like our content , Welcome to the official account 「Authing Identity cloud 」 And visit our blog Authing Blog , More interesting content waiting for you to see ～