Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Cyber-Security Executive Order Implementation Deadlines Near

    By
    SEAN MICHAEL KERNER
    -
    July 5, 2017
    Share
    Facebook
    Twitter
    Linkedin

      Back on May 11, President Trump signed an executive order on cyber-security, giving civilian and military agencies a 60-day deadline for reviewing cyber-security posture. As that initial deadline nears, eWEEK reached out to security experts to see what, if any impact the executive order is currently having. 

      “There has not been any public impact thus far,” Joseph Carson, chief security scientist at Thycotic, a Washington D.C. based provider of privileged account management (PAM) solutions, told eWEEK. “This executive order is making the agencies executive heads accountable and responsible for cyber-security risk, quickly identifying and reporting back the current state of cyber-security.”

      Carson said that in his view the executive order is a a gap analysis exercise and it is important to note that it does not improve or prevent cyber-security threats, however it is an important step in the right direction to understand clearly the areas of high risk.  

      “Right now, risk assessments are being performed and the execution of this will likely be second half of this year once the risks have been identified and reported,” Carson said. “What is lacking in this executive order is a clear cyber-security strategy and incident response. While it helps with the risk assessment, it is only part of what is needed to make a big difference.”        

      Ken Spinner, VP of Field Engineering at Varonis, a provider of insider threat protection technology, commented that it’s very hard to say whether the executive order is having an impact because there are so many confounding factors.

      “Since the executive order was signed, we’ve seen fast-spreading global malware attacks (WannaCry, Petya), specialized malware targeting power grids (CrashOverride), and insiders with top secret clearance leak sensitive information (Reality Winner),” Spinner told eWEEK. “The steady stream of security incidents appears to be doing more to spur governments into action than Trump’s mandate.”

      NIST Framework

      According to John Chirhart, federal technical director at Tenable Network Security, the cyber-security executive order has helped with the very complicated and often debated topic of vulnerability remediation prioritization.

      “Historically, agencies have had to rely on their best judgement to determine where to focus their remediation and mitigation efforts,” Chirhart told eWEEK. “But the executive order has helped agencies prioritize their focus on securing areas such as critical infrastructure.”

      The cyber-security executive order specifically states that U.S. government agencies should use the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity. As part of the Executive Order, government agency heads need to provide a risk management report based on NIST cyber-security framework within 90 days of EO release. The NIST cyber-security framework was first released back in February 2014 as an implementation of a cyber-security executive order issued in 2013 by President Obama.

      Chirhard said that the NIST Cyber-security Framework has seen widespread adoption in the private sector because it provides a flexible, prioritized, repeatable, and cost-effective approach to cyber-risk.

      “While government agencies are working to adopt the NIST Cyber-security Framework, many have not been able to quickly implement it because of the slow procurement process,” Chirhard said. “Outdated procurement methods also create obstacles for agencies to bring in the people and tools needed to effectively implement the framework.”

      Dan Lohrmann, chief security officer at Security Mentor, a provider of security awareness training said that in terms of general adoption, he is seeing more state and local governments, as well as private sector organizations, formally adopting the NIST cyber-security framework as a standard. 

      While the NIST cyber-security framework provides a guide for best practices to improve security, Thycotic’s Carson warns that it is quickly becoming outdated as technology and threats evolve rapidly. Simon Gibson, Fellow Security Architect at network visibility vendor Gigamon sees the NIST framework used and referenced widely across critical infrastructure and other industry sectors. Gibson also wants to see that NIST keeps the framework up to date to deal with emerging threats.

      “As the federal agencies begin to leverage the NIST Framework as part of their existing risk management processes, we urge NIST to update the informative references frequently so that agencies adopt and implement the most up to date and effective security controls,” Gibson said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×