Federal government and private sector officials said at a Nov. 8 ATARC event that government agencies have made notable progress in implementing the Biden administration’s May 2021 cybersecurity executive order, but that the government still has a long way to go to reach the order’s full potential.
Paul Blahusch, chief information security officer at the Department of Labor (DoL), remarked that the order’s payoff on supply chain security remains a work in progress.
“Well, as far as I know, the executive order didn’t fix everything yet,” he said. “What we’re going to try to do to get that fix is to work with vendors … It’s going to be a team effort to try and make sure that there is good hygiene throughout the software development process, and it starts with our vendors,” Blahusch said.
Nita Jones-Coleman, Program Analyst for Enterprise Risk and Compliance-Supply Chain Risk Management at the Department of Veterans Affairs, pointed to some of the better outcomes from the executive order, including success in aligning vendors with what her agency wants to buy.
“Are we in a better place? Yes, because we have an awareness of what we’re looking for,” she said. “We are aligning our people, our resources [and] we’re also aligning our technology differently than we did prior to SolarWinds.”
“I think because of that we are aligning ourselves so that we can do better in the contract in that area [and] making sure our contract folks know what they’re looking for when they sign those contracts,” Jones-Coleman said.
Brian Reed, chief mobility officer from NowSecure, explained how the EO has pushed tech giants like Alphabet and Apple to move forward with programs that create security labels for applications in their software stores.
“So, industry was accelerated by” the executive order, he said, evidenced by the moves from Apple and Alphabet. “They won’t say they did this because of the executive order, but both programs were accelerated by the need to drive better transparency,” Reed said.
“So I do think the industry is trying to align in terms of trying to support what the Federal agencies are doing, and we’re also seeing behavior now where financial institutions and healthcare institutions are looking at the same regulations,” he said.