The Inner Circle

Hi All,

"Biden signs massive order on cybersecurity"  - https://www.scmagazine.com/home/government/biden-signs-massive-order-on-cybersecurity/

https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1. Policy. The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people's security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors. The Federal Government must also carefully examine what occurred during any major cyber incident and apply lessons learned. But cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster more secure cyberspace. In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences, we will incur if that trust is misplaced.

@Jim Reavis
@John Yeoh
@Daniele Catteddu

​​​

------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------

What do you think? Is it going to move the dial on cybersecurity?

------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA
------------------------------

Original Message:
Sent: May 13, 2021 04:09:31 AM
From: Michael Roza
Subject: Executive Order on Improving the Nation's Cybersecurity

Hi All,

"Biden signs massive order on cybersecurity"  - https://www.scmagazine.com/home/government/biden-signs-massive-order-on-cybersecurity/

https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1. Policy. The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people's security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors. The Federal Government must also carefully examine what occurred during any major cyber incident and apply lessons learned. But cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster more secure cyberspace. In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences, we will incur if that trust is misplaced.

@Jim Reavis
@John Yeoh
@Daniele Catteddu

​​​

------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------

Move the dial?  Yes.  But not as far as we'd all like.  The biggest issue I see is that government agencies rarely meet their deadlines.  We shall see.

------------------------------
Bob Flores
CEO/President
Applicology Incorporated
------------------------------

Original Message:
Sent: May 13, 2021 10:46:24 AM
From: Jim Reavis
Subject: Executive Order on Improving the Nation's Cybersecurity

What do you think? Is it going to move the dial on cybersecurity?

------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA

Original Message:
Sent: May 13, 2021 04:09:31 AM
From: Michael Roza
Subject: Executive Order on Improving the Nation's Cybersecurity

Hi All,

"Biden signs massive order on cybersecurity"  - https://www.scmagazine.com/home/government/biden-signs-massive-order-on-cybersecurity/

https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1. Policy. The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people's security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors. The Federal Government must also carefully examine what occurred during any major cyber incident and apply lessons learned. But cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster more secure cyberspace. In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences, we will incur if that trust is misplaced.

@Jim Reavis
@John Yeoh
@Daniele Catteddu

​​​

------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------

I agree with Bob that agencies often have difficulty meeting deadlines. But another blindspot for gov agencies is that they continue to have a problem with effectively waiting the value of a thing that could happen vs a thing that did happen in this case. Looking at the pipeline incident, my thoughts are that this is the best case scenario attack on critical infrastructure we are ever going to get. If this isn't enough for us to spin up everything we've got and start taking definitive action to modernize and better protect our critical infrastructure we are never going to get it. I think that anyone that understands our adversaries knows that initially they aren't really looking for a kinetic confrontation and why should they when they can trigger such chaos and strife from cyberspace.

Our primary issue is our inability to reach consensus that this is top national security issue that requires immediate sustained attention and funding. The issue is not resolved until those existing weaknesses have been removed from the scenario. The recent pipeline hack and even the issues with the Texas snowstorm have shown bad actors that there are a lot more soft targets than they previously understood.​

------------------------------
Lorenzo Winfrey
Senior Solution Manager
Rackspace Technology
------------------------------

Original Message:
Sent: May 13, 2021 10:46:24 AM
From: Jim Reavis
Subject: Executive Order on Improving the Nation's Cybersecurity

What do you think? Is it going to move the dial on cybersecurity?

------------------------------
Jim Reavis CCSK
Cloud Security Alliance
Bellingham WA

Original Message:
Sent: May 13, 2021 04:09:31 AM
From: Michael Roza
Subject: Executive Order on Improving the Nation's Cybersecurity

Hi All,

"Biden signs massive order on cybersecurity"  - https://www.scmagazine.com/home/government/biden-signs-massive-order-on-cybersecurity/

https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1. Policy. The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people's security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors. The Federal Government must also carefully examine what occurred during any major cyber incident and apply lessons learned. But cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster more secure cyberspace. In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences, we will incur if that trust is misplaced.

@Jim Reavis
@John Yeoh
@Daniele Catteddu

​​​

------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------