NSC’s Neuberger: National sense of urgency is spurring more cybersecurity action
The Biden administration is trying to take advantage of the nation’s newfound focus on cybersecurity in the wake of epic supply chain hacks and ransomware incidents to make substantive changes in the nation’s cyber defenses.
“The administration feels a sense of urgency because we think we’re at a moment in time,” deputy national security advisor for cyber and emergency technology Anne Neuberger told the Mandiant cyber security conference in Washington, DC on Tuesday. “A few years ago it was practitioners talking about cyber security risk, today we’ve seen it in practice.”
Neuberger said because cyber security events seem to happen almost every day, it gives the administration an opening to push federal and private sector partners to modernize critical infrastructure in the U.S. and shift from a posture of simply responding to cyber attacks to actually preventing them.
It was with that in mind that President Biden signed an executive order back in May laying out a series of new requirements for companies that want to do business with the federal government. Among other things, it requires companies to report cyber attacks, and give more visibility into their software processes. It also seeks to beef up the security standards on government networks, including mandating multifactor authentication and encryption. The E.O. also created a playbook for cyber-incident response by federal agencies.
Neuberger said federal agencies are making good progress on those changes. “The president asked us for aggressive and achievable timelines,” she said of the deadlines for action in the executive order. “There is a 6 month deadline on encryption and we hit that in November. Requirements for secure development rolls out in February and March timeframe.”