Today, when cyber threats constantly besiege defense systems, how can a nation ensure its digital boundaries are safe?
Executive Order 14028 aims to strengthen the United States' cyber defenses.
Cyberattacks pose severe threats to the nation — endangering government, businesses, and the well-being of all citizens. And that’s exactly why the U.S. aims to intensify its defenses. Why? Because each attack provides a lesson. Learning from these incidents is an imperative step toward digital resilience.
However, the government alone can’t safeguard the entire nation. The government, together with various partners particularly in the private sector (including Splunk), aims to respond to threats and proactively secure the nation.
This collaboration will earn trust in technology, which must be as safe as it is open. It's clear that incremental steps are insufficient — the nation demands bold, transformative measures to address such threats.
To address these issues, investments in cybersecurity have also become non-negotiable. Protecting essential services and ensuring the security of government systems are now top priorities. These efforts are central to the national agenda since they emphasize the critical role of cybersecurity in safeguarding your way of life.
To fight cyber threats, the government removed barriers hindering information sharing between IT/OT providers and federal agencies. Here are some of the key steps it took:
Within 60 days, officials reviewed the existing contracts to prepare for updates. These updates enabled easy exchange of threat data.
Service providers collected, preserved, and shared cybersecurity-related information with all contracted agencies.
Officials made recommendations within 60 days, proposed regulatory updates within 90, and implemented changes in 120.
ICT providers reported cyber incidents ensured the free flow of information to those who can act. CISA was advised to manage this process to enhance response effectiveness.
The government also standardized the reporting requirements, prioritized privacy, and ensured quick incident reporting.
The final step included these efforts in the annual budget, ensuring financial support for these enhancements. This approach marks a new era in federal cybersecurity.
The Federal Government took decisive steps to rebuild its cybersecurity posture in response to growing threats. It prioritized modernization, embraced best practices, and advanced toward a Zero Trust Architecture.
Agencies updated their cloud adoption plans within 60 days, aligning with OMB guidance. They developed and submitted plans for Zero Trust Architecture to the OMB Director and the APNSA, incorporating NIST's recommended steps.
Adopting cloud technology became a coordinated effort. It emphasizes the prevention, detection, assessment, and remediation of cyber incidents. CISA led this modernization and ensured programs were compatible with cloud environments and Zero Trust principles.
Within 90 days, a federal cloud security strategy was made. It guided agencies toward secure and efficient cloud migration. CISA, OMB, and FedRAMP also developed a cloud-security technical reference architecture and a governance framework to set new data protection and incident response standards.
Within the next 180 days, agencies were asked to implement multi-factor authentication and data encryption to secure data at rest and in transit. Those unable to meet the 180-day deadline had to provide detailed rationales highlighting the challenges involved.
CISA collaborated with the Attorney General, the FBI, and FedRAMP to establish a cybersecurity collaboration framework. This process began with training programs, improving CSP communication, and introducing automation. As a result, a more agile federal cybersecurity infrastructure was designed.
(Learn all about FedRAMP compliance.)
The U.S. government also made a decisive move to secure its software supply chain — after all, supply chain attacks are very real. It swiftly responded to the growing cyber threats, particularly targeting software critical to national functions.
Under the direction of the Commerce Secretary, NIST led a rapid initiative to bring together experts from various sectors to establish advanced security standards. Within 180 days, they issued initial guidelines to strengthen the defenses built on proven practices for immediate impact. This groundwork expanded into a detailed security framework — redefining software security standards.
The government mandated compliance with these standards, with the OMB monitoring adherence and handling exceptions. By the year's end, software vendors had to verify compliance with these standards to continue participating in federal contracts.
The Secretary of Homeland Security founded the Cyber Safety Review Board in response to escalating cyber threats. This Board analyzed cyber events, vulnerabilities, and mitigation strategies. Based on the analysis, it issued the initial recommendations within 90 days following a December 2020 event.
Shortly after its first review, the Board outlined strategies to refine its structure, mission, and response tactics, including criteria for member selection and information protection. Then, the Secretary, along with the Attorney General and APNSA, reviewed and implemented these strategies.
EO 14028 ordered a unified approach to cybersecurity across federal agencies. In collaboration with key officials, a standardized playbook was developed within 120 days by Homeland Security to streamline responses to cyber vulnerabilities and incidents.
Key aspects of the playbook included:
Adoption of NIST standards.
Application across FCEB Agencies.
Flexibility for various incident response activities.
The OMB Director issued usage guidance to maintain a cohesive approach. Agencies with alternative methods required approval and had to demonstrate their efficacy matched or surpassed the playbook.
The playbook was reviewed and updated annually by CISA in consultation with NSA, and the revisions were incorporated into OMB guidance.
Federal agencies implemented Endpoint Detection and Response (EDR) systems to detect threats early and build strong response mechanisms. These systems actively identify and counteract cyber threats.
The Secretary of Homeland Security, through CISA, led this effort. They offered recommendations for EDR deployment.
The initiative highlighted the need for cooperation and resource sharing. It equipped agencies with the tools and guidance necessary to follow new cybersecurity protocols, promoting a unified security front.
Agencies updated the Memorandum of Agreement (MOA) to streamline data sharing for threat analysis and emphasize strategic informed decision-making.
Apart from that, NSA improved the detection of cyber incidents in National Security Systems. They explored EDR approaches to reflect the initiative's broad reach.
A new directive strengthens the Federal Government's cybersecurity by highlighting the role of network and system logs in investigation and remediation efforts.
This mandate required agencies and their IT service providers to collect and keep such data so they could quickly provide essential information to the Secretary of Homeland Security through CISA when addressing cyber incidents.
The Secretary of Homeland Security developed comprehensive recommendations for event logging, data retention, and log protection. These guidelines included using cryptographic methods to secure logs against tampering while complying with privacy laws.
Following these guidelines, OMB set firm policies for log management. These policies centralized access and improved visibility for security operations centers across agencies.
The Secretary of Defense improved the National Security Systems' cybersecurity within 60 days. This was done by collaborating with the Director of National Intelligence and the CNSS to establish higher cybersecurity standards that accommodate mission-specific exceptions as needed.
Simply put, Executive Order 14028 strategically provided better protection for national defense assets against cyber threats by combining security with operational flexibility.
See an error or have a suggestion? Please let us know by emailing ssg-blogs@splunk.com.
This posting does not necessarily represent Splunk's position, strategies or opinion.
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.