In early May, President Biden signed the CyberSecurity Executive Order on Improving the Nation’s Cybersecurity. This pivotal CyberSecurity Executive Order was propelled by a series of major cyberattacks on critical U.S. entities, including the recent attack on Colonial Pipeline that severely disrupted East Coast infrastructure. The executive order follows on the heels of the SolarWinds hack, which impacted numerous U.S. government agencies. Cyberattacks targeting critical infrastructure, including federal systems, heighten the threat to national security, making the CyberSecurity Executive Order essential for reinforcing the nation’s defense.
The CyberSecurity Executive Order aims to bolster federal cybersecurity through initiatives from both public and private sectors. This includes significant enhancements to current practices, as well as introducing new measures to address today’s threat landscape—particularly the convergence of Information Technology (IT) and Operational Technology (OT).
Tackling IT/OT Convergence
Tackling IT/OT convergence is crucial. Not only does the integration cause notable cybersecurity vulnerabilities, but it is critical infrastructure that tends to operate in such an environment.
The executive order, in its introductory comments, highlights the need for partnership between the federal government and private sector actors. Some aspects of the order are specific to federal agencies. However, their interconnectedness with private entities means everyone can benefit from adopting these measures outlined by the Biden administration. It is likely only a matter of time until these measures become mandatory for everyone.
Therefore, it is crucial to understand the executive order and, more importantly, how to comply with it. We are here to help with both.
Enhancing Network Visibility and Detection
A major emphasis of the CyberSecurity Executive Order is on improving the detection of cybersecurity vulnerabilities and incidents within government networks. Specifically, the executive order mandates “increasing visibility into and detection of vulnerabilities and threats to agency networks.” While network security solutions help provide this visibility, they often overlook protection at the hardware or Physical Layer level, leaving enterprises vulnerable to hardware-based attacks and Rogue Devices.
Malicious devices, such as Spoofed Peripherals and Network Implants, operate on the Physical Layer, bypassing standard network security solutions. These Rogue Devices can execute harmful attacks that compromise network security, highlighting the need for Physical Layer visibility as part of comprehensive cybersecurity. Full device visibility at Layer 1 (Physical Layer) is crucial for securing an organization’s network from the ground up.
The Zero Trust Approach
By starting at the bottom (i.e., the first of the OSI Layers), organizations are more equipped to comply with other aspects of the executive order. The Order specifies the need for federal agencies to adopt a Zero Trust approach.
Zero Trust addresses the reality that threats can occur within an entity’s environment. Therefore, it significantly restricts network access, even to those operating from within. However, Zero Trust is a data-based security model rather than a tool itself. Hence, it relies on various data inputs to make access decisions. When an asset makes an access request, the Zero Trust Architecture (ZTA) must obtain information about the requesting asset and compare such information with the pre-defined access policies.
The functionality of the Zero Trust Architecture relies on the ability to detect and correctly identify a requesting asset. This can only be achieved with Physical Layer visibility. Without such visibility, Rogue Devices can bypass or completely evade (Network Implants) policy enforcement. This leaves the agency’s network just as exposed to hardware-based attacks as it was before Zero Trust adoption. While this specific measure applies to government agencies, other entities would also benefit from adopting Zero Trust and Physical Layer visibility. This is especially true for those with government contracts. These measures greatly enhance an organization’s network security.
Sepio Supporting Compliance with the CyberSecurity Executive Order
Sepio’s platform provides entities with the Physical Layer coverage they need to obtain complete device visibility. And, in doing so, also provides protection against hardware-based attacks. As the leader in rogue device mitigation, Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged.
Sepio’s platform uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of each device. It then compares this fingerprint against known fingerprints. This process enables Sepio to provide organizations with ultimate device visibility and detect vulnerable devices and switches within the infrastructure.
In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best practice policies. It allows the administrator to define a strict or more granular set of rules for the system to enforce. When a device breaches the pre-set policy, Sepio automatically initiates a mitigation process. This process instantly blocks unapproved or Rogue hardware.
Additionally, Sepio aids compliance with Section eight of the CyberSecurity Executive Order, which mandates robust data collection and analysis to enhance incident investigation and remediation. Sepio logs all hardware asset details, maintaining data per defined retention policies to support thorough investigations.
With evolving threats, federal agencies, critical infrastructure providers, and other organizations must continue refining their cybersecurity strategies. Technology advances have brought both benefits and vulnerabilities, intertwining physical security with cybersecurity to protect national interests.
Ready to strengthen your cybersecurity? Discover how our solutions align with the latest CyberSecurity Executive Order. Schedule a demo.
