The May 12, 2021 Executive Order (EO) on Improving the Nation's Cybersecurity put a national focus on the importance of protecting U.S. businesses and critical infrastructure from cyberattacks.
The EO aims to improve software supply chain security and decrease barriers to information sharing across public and private sectors, among other goals.
The "Impact Assessment: Cyber EO Year One" report from MeriTalk and underwritten by AWS, CrowdStrike and Zscaler surveyed 160 federal cybersecurity leaders to determine the executive order's impact on the federal cybersecurity space. Cyber professionals from the Department of Defense (DoD), U.S. intelligence agencies and civilian agencies shared how the EO has affected their organizations' cybersecurity strategies in its first year.
Cybersecurity impacts of the executive order
The impact assessment found that 99% of federal cybersecurity professionals believe the EO is making progress toward its goals, including modernizing cybersecurity practices, improving vulnerability identification, and boosting a cybersecurity-minded culture in federal agencies.
In addition, 78% of respondents said that the 2021 cybersecurity EO included needed steps for the protection of the United States' cyber assets.
Moving forward with the EO
The Executive Order on Improving the Nation's Cybersecurity urged federal agencies to adopt zero trust frameworks to bolster cybersecurity. Ninety-six percent of federal cyber leaders indicated that zero trust strategy is somewhat or very helpful, but 67% of respondents believe the three-year implementation window outlined in the EO is unrealistic. What's more, only 14% of respondents said they have all funding needed to fulfill the cybersecurity EO requirements.
The report highlighted three recommendations for federal cybersecurity practitioners:
- Allocating resources toward national security: This could include upping recruitment efforts and automating repetitive security tasks, according to the report.
- Getting all agencies up to speed: For those agencies that have been slower to adopt executive order requirements, cyber leaders such as chief information security officers (CISOs) and chief information officers (CIOs) should host monthly progress meetings to ensure implementation efforts are on track.
- Stay proactive: Federal cybersecurity initiatives can remain successful by addressing past problems, such as a lack of budget, staff and secure public-private partnerships as they move forward with the EO. Foregrounding information sharing and collaborating with vendors may be helpful to federal agencies, according to the report.
For more report findings, click here.