CIOs who overlook the US government’s cybersecurity orders do so at their peril — and that of their enterprise. That’s what former US Cybersecurity and Infrastructure Security Agency (CISA) director Chris Krebs stressed during his keynote presentation at Gartner IT Symposium/Xpo last week.
Remarking on the Biden administration’s cybersecurity executive order signed last May, Krebs said CIOs should worry less about meeting the initial order’s basic regulatory compliance for security and instead harden their infrastructure as much as possible in anticipation of escalating attacks and additional cybersecurity orders in the future.
“Critical industries — those that really do tie into the continuity of the US economy — [are at risk] and I expect, based on some of the events of the last couple of years, that we will see an enhancement of those compliance regimes,” Krebs said. “You don’t want to end up in an environment that is just a checklist-based approach because you’re spending money that could go for security programs.”
Amid highly publicized attacks such as the compromise of SolarWinds at the end of last year and the ransomware attacks on Colonial Pipeline and meat packer JBS, which paid $11 million to cybercriminals, the Biden administration in May issued an executive order that includes new mandates for software procurement and for adopting multifactor authentication architectures, as well as a series of other requirements to safeguard public and private assets.
The recently created CISA joins the CIA, FBI, National Security Agency, and National Security Council in coordinating and broadening public-private partnerships and in enforcing the executive mandates because all cyberattacks threaten national security, Krebs said.