FORT MEADE, Md. – The National Security Agency (NSA) will play an important role in implementing the requirements of an Executive Order (EO) that was recently signed by President Biden. The EO, entitled Improving the Nation’s Cybersecurity, is designed to modernize cybersecurity defenses, improve information-sharing between the Federal Government and private sector on cyber issues, and strengthen the ability of the United States to respond to cyber incidents when they occur.
To these ends, NSA will spearhead efforts to outline procedures for cyber incident report sharing, recommend actions to improve the detection of cyber incidents affecting National Security Systems (NSS), and adopt NSS cybersecurity requirements to be included in a National Security Memorandum for cybersecurity requirements specific to NSS.
The Executive Order also identifies the Agency as a representative to the Cyber Safety Review Board — an incident investigation team that will work together to review significant cyber incidents and provide recommendations to improve cybersecurity and incident response, similar to the review boards that investigate airline accidents.
“This Executive Order places significant expectations on NSA based on our expertise in cybersecurity. We are called out specifically several times and have a notable role to play in this national level policy,” Mr. Joyce said. “We’re glad to see the renewed security focus across the community. We look forward to collaborating with our interagency partners, along with the private sector, to deliver on the requirements in the EO. In the end, it is all about the outcomes, better securing the Nation.”
The Executive Order also tasks NSA with aiding other U.S. Government partners in publishing guidance for vendor testing of software source code and establishing a standard playbook for planning and conducting vulnerability and cyber incident response for Federal civilian agency information systems. Further, the Agency will assist in recommending changes to Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation (DFAR) contract provisions to improve information sharing.
The EO also directs U.S. Government agencies, in the move towards cloud technology, to adopt a zero trust architecture. As the National Manager, NSA will support these efforts by continuing to guide zero trust adoption across NSS. NSA has previously released public guidance on adopting a zero trust mindset and architecture, and will continue to provide actionable and timely cybersecurity guidance to its partners.
“NSA has a huge quantity of expertise combined with technical depth in cybersecurity. We also have unique expertise— our classified insights into the adversaries and some of the code-making capabilities,” Mr. Joyce said. “What makes this an exciting moment in time is the national-level emphasis being put on this mission. NSA is working with the White House, the USG, the private sector, and other partners in new, transparent ways” he added.
For more information, review the EO here.