US federal agencies told to pick up pace on cybersecurity after failure to comply with executive order

By on 21/08/2023 | Updated on 21/08/2023

US federal agencies have been told to tighten their cybersecurity practices after failing to comply with an executive order urging the use of critical measures to beef up protections across government.

In a memo sent earlier this month to cabinet secretaries of agencies based outside the Pentagon, Jake Sullivan, US national security adviser, said a current shortfall in compliance left government “exposed to malicious cyber intrusions”. He added that the failure to comply undermined “the example the government must set for adequate cybersecurity practices”.

Speaking to US news network CNN, a National Security Council spokesperson emphasised the Biden-Harris administration’s “relentless focus on strengthening the cybersecurity of nation’s most critical sectors”.

In 2021, the Biden-Harris administration launched a raft of measures to improve US cybersecurity in response to a series of attacks. A senior administration figure at the time blamed the attacks on a “laissez-faire attitude towards cybersecurity” in government, along with “poor software security” that had consistently led to vulnerabilities being embedded into “critical systems and infrastructure”.

One of the measures taken by the administration was the executive order, which included steps to set up a joint public-private panel to review cybersecurity incidents. As well as giving agencies 180 days to adopt multi-factor authentication and data encryption, the order also established a playbook to ensure “all federal agencies [met] a certain threshold and [were] prepared to take uniform steps to identify and mitigate a threat”.

Sullivan’s memo urged “full compliance” from all agencies, and stressed that agencies needed to provide a “detailed plan” by the end of September of how they proposed to implement the original executive order.


Sharpening the ‘point of the arrow’

The US government has also highlighted better cybersecurity as being key to wider digital transformation in government. In May this year, Clare Martorana, US chief information officer, spoke to Global Government Forum about the government’s four main priorities for its IT operating plan. Martorana named improving cybersecurity as the most important of these, likening it to “the point of the arrow” to drive reform. Other priorities included IT modernisation, developing a digital-first citizen experience, and using data as a strategic asset.

She said that the early months of the Biden-Harris administration were very much shaped by successive cyberattacks, which included attempts made on the US federal government through flaws in its SolarWinds network monitoring software, as well as on national infrastructure, such as the Colonial Pipeline oil system incident.

Martorana added that while the administration’s focus on these issues gave her and her team “a wonderful palette to paint from”, the essential work lay in getting basic things right, including “data, IT modernisation and delivering for our customers”.

“As you’re modernising those systems, you darn well better be doing research with your users, and making sure you understand what your customer needs, as well as what the employees need,” she said.

“You [need] the forward momentum of cybersecurity carrying along IT modernisation and customer experience, as well as data – everything we’re talking about is data. All these things create the momentum for changing the environment that we’re operating in.”

Last year, meanwhile, the US Department of Homeland Security (DHS) admitted to struggling to recruit cybersecurity specialists, despite offering higher pay and simplifying its application process to speed up hiring.

Among the reasons cited was that the majority of applicants were seeking entry-level cybersecurity roles, of which there were then 75, leaving the remaining half of vacancies open.



About Jack Aldane

Jack is a British journalist, cartoonist and podcaster. He graduated from Heythrop College London in 2009 with a BA in philosophy, before living and working in China for three years as a freelance reporter. After training in financial journalism at City University from 2013 to 2014, Jack worked at Bloomberg and Thomson Reuters before moving into editing magazines on global trade and development finance. Shortly after editing opinion writing for UnHerd, he joined the independent think tank ResPublica, where he led a media campaign to change the health and safety requirements around asbestos in UK public buildings. As host and producer of The Booking Club podcast – a conversation series featuring prominent authors and commentators at their favourite restaurants – Jack continues to engage today’s most distinguished thinkers on the biggest problems pertaining to ideology and power in the 21st century. He joined Global Government Forum as its Senior Staff Writer and Community Co-ordinator in 2021.
