On May 12th, the White House released the Executive Order on Improving the Nation’s Cybersecurity.
This order comes on the heels of the Colonial Pipeline ransomware attack that shut down operations for the biggest gasoline, diesel and jet fuel pipeline in the US. The shutdown lasted 5 days and caused widespread gasoline shortages and panic buying across the Southeast.
Here’s what the Executive Order means and how it impacts you and your organization's cybersecurity strategy.
The Order focuses predominantly on federal systems and resources, in an effort to improve the security of federal assets and better protect critical national infrastructure against attacks such as the one Colonial Pipeline experienced.
However, it does have implications for private sector organizations that fall within the federal system supply chain, particularly those that develop software used in federal systems.
It calls for collaboration between federal representatives, the Director of NIST, academic representatives, and private sector representatives. The goal of these collaborative efforts is to establish guidelines for secure software development, testing, and implementation.
This follows a growing trend among organizations looking for greater transparency into the security measures associated with the third-party software they use in their systems.
This trend means that developers who integrate security into their development lifecycle and who consider the security ramifications of deployment can gain a market advantage.
Clients aren’t the only ones paying attention to security as well as functionality. Shareholders, investors, and parent organizations are increasingly concerned with the costs associated with insecure systems and the potential vulnerabilities that software can present.
Now, more than ever, it’s essential to adhere to DevSecOps best practices and ensure you’re putting security first. Best practices will enable you to thrive in the following three areas.
Without setting a strong foundation, technical debt can quickly overwhelm your business and dramatically slow down your growth. It’s important to review all aspects of your business to help reduce existing technical debt and create policies to reduce debt in your development, deployment and security practices.
As the number of compliance frameworks across the world grows, it can be hard to know where your organization stands. Partnering with an experienced third-party organization can ensure a thorough review of your existing policies. You’ll also get help writing new policies to ensure you maintain compliance with all relevant frameworks.
Many organizations want to improve their development and security practices, but understanding the path forward is challenging. The right partner will provide a detailed plan outlining the current level of maturity for your organization and set targets that align with your business objectives.
If you want to know more about secure development and what others are doing to protect themselves against cyber attacks, reach out to us here at NextLink Labs. We would be happy to answer any questions to support your organization and your endeavor to improve your cybersecurity program.
As always, stay safe, stay secure, and stay curious.