Categories
Company News

Biden’s National Security Memo – What You Need To Know

On Wednesday, January 19, 2022, President Joe Biden signed a national security memorandum (NSM) with the objective to improve cybersecurity across the Department of Defense (DoD) and the intelligence community (IC). The memo builds on Biden’s cybersecurity executive order, issued in May 2021, by laying out a roadmap on how he intends to improve cybersecurity across the federal government. It comes on the heels of multiple warnings released by the Cybersecurity and Infrastructure Security Agency (CISA) about potential threats coming from Russia, demonstrating the immediate need for up-to-date cybersecurity requirements.

 

The Plan

The goal is to bring cybersecurity requirements for military agencies and the IC in line with those for civilian agencies. It sets specific guidelines for agencies to adopt including: zero-trust architecture implementation plans, cloud technologies, multifactor authentication, and encryption. It also gives the National Security Agency (NSA) the authority to issue operational directives on cyber issues.

 

The Requirements

Cloud Technology

Agencies should update existing agency plans to prioritize resources for the adoption and use of cloud technology.

Zero Trust Architecture

Agencies must develop a plan to implement Zero Trust Architecture. The plan may include: NIST Special Publication 800-207 Guidance, CNSS instructions, and/or other relevant CNSS instructions, directives, and policies regarding enterprise architectures, insider threats, and access management.

Cryptographic Protocols

Agencies must ensure widespread cryptographic interoperability among NSS using NSA‑approved, public standards-based cryptographic protocols or NSA-approved mission unique protocols.

Collaboration

All agencies will coordinate and collaborate on cybersecurity and incident response activities related to NSS commercial cloud technologies.

 

The Timeline

The head of each executive department or agency that owns or operates a national security system (NSS) is required to update agency plans concerning cloud technology within 60 days. Agencies must implement multifactor authentication and encryption for NSS data-at-rest and data-in-transit within 180 days. Departments and agencies are also required to notify the National Manager, the NSA, of known or suspected incidents or compromises of NSS. This directive is modeled on the Department of Homeland Security’s (DHS) Binding Operational Directive for civilian government networks.

Too often the assumption is that because military or IC agencies deal with national security data, they’re inherently more secure and covered by greater levels of protection. This NSM makes it explicit that the same elements of basic cyber hygiene are necessary for both non-NSS government networks as well as national security networks.

CDT has worked with several agencies to build systems and improve network security. With increased focus on cybersecurity and new timelines in place, agencies will need to improve and modernize their security models quickly. Reach out and let us know how we can help.

 

info@cyberdefensetechnologies.com
www.linkedin.com/company/cyber-defense-technologies
www.facebook.com/CDTLLC
www.twitter.com/CDTLLC