Encryption Is Critical in New Executive Order to Improve National Cybersecurity

May 13, 2021 | Lindsy Drake

In case you missed it, there’s been a lot going on this week in the world of identity management. Venafi just concluded our third annual Machine Identity Management Global Summit, during which we heard from both public and private sector leaders on the critical impacts and organizational wins arising from implementing a strong machine identity management program. We heard from GSA on the implications of agencies deploying Digital Workers at the cusp of human and machine identity management, including the risks and recommendations of supervised vs. unsupervised digital workers. We also heard from Gartner on why machine identity management is on their list of Top Security and Risk Trends for 2021 alongside identity-first security, just ahead of their own Identity and Access Management Summit.

Now, on the heels of yet another major cyber attack on American critical infrastructure that shut down the Colonial Pipeline, causing gas shortages and a run on gas stations across the east coast, we finally see the Biden Administration’s much anticipated Executive Order on Improving the Nation’s Cybersecurity. The Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life. 

Within the Executive Order, we see multiple decisive action items for the government going forward, and recommendations for the private sector to follow suit. Many of these actions connect directly into the themes and recommendations of this week’s events. Among them, the following directives stand out:

Sec. 3. Modernizing Federal Government Cybersecurity further directs agencies to:

  1. Advance toward Zero Trust Architecture (ZT/ZTA). At the heart of ZT is identity. NIST 800-207 combines human and machine identities broadly into “subjects.” Under ZT then, these subjects are granted minimum access based on the identification of their need combined with continuous authentication and authorization for access requests. For the non-human subjects, automated machine identity management is imperative to support this persistent credential analysis of each and every subject. 
  2. Adopt encryption for data at rest and in transit to the maximum extent consistent with Federal records laws. We’ve been adopting HTTPS everywhere standards for years (OMB 15-13), but as legacy sites and intranets achieve higher rates of encryption adoption, their machine identity management needs increase. We all too often hear from agencies that they’re still trying to manage certificates on spreadsheets, but doubling down on encrypted data in transit will once and for all lay those spreadsheets to rest in favor of automated solutions.

Sec. 4. then follows with directives on Enhancing Software Supply Chain Security. More to come on this from NIST based on the timelines set forth in the EO, but with software being developed not only outside, but inside of government agencies, the directive to take action to rapidly improve the security and integrity of the software supply chain creates more urgency for agencies to address the code signing processes employed internally and by their contractor organizations.

Specifically, the EO seeks to attain guidance from NIST to set standards, procedures and criteria regarding things like:

  1. Securing software development environments
  2. Generating and providing artifacts that demonstrate conformance to the processes (to be defined) 
  3. Employing automated tools to maintain trusted source code supply chains, thereby ensuring the integrity of the code 
  4. Employing automated tools that check for known and potential vulnerabilities and remediate them, which shall operate regularly, or at a minimum prior to product, version, or update release
  5. Providing artifacts of the execution of the tools and processes, and making publicly available summary information on completion of these actions, to include a summary description of the risks assessed and mitigated
  6. Maintaining accurate and up-to-date data, provenance (i.e., origin) of software code or components, and controls on internal and third-party software components, tools, and services present in software development processes, and performing audits and enforcement of these controls on a recurring basis 

We’ll see what NIST ultimately comes out with, and while I’m paid to say nice things about Venafi, it’s nice to see that the government’s trusted partner in machine identity management is already ahead of this curve to help agencies meet such requirements.

The administration wisely acknowledges that, “in the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.” As our CEO, Jeff Hudson, introduced at this week’s summit, “FASTSECURE is the new mindset on which we’ll build a fast, secure, digitally transformed network and government on our way to ensuring the trustworthiness of our digital infrastructure.”

About the author

Lindsy Drake

Lindsy Drake writes for Venafi's blog and is an expert in machine identity protection.