Biden signs cybersecurity memorandum for Defense Department, intelligence agencies

US President Joe Biden signed a memorandum on Tuesday concerning the cybersecurity of the Defense Department and the country’s intelligence agencies, sketching out exactly how an executive order he signed in May 2021 will be implemented. 

Government

“This NSM requires that, at minimum, National Security Systems employ the same network cybersecurity measures as those required of federal civilian networks in Executive Order 14028. The NSM builds on the Biden Administration’s work to protect our Nation from sophisticated malicious cyber activity, from both nation-state actors and cybercriminals,” the White House said. 

The memorandum goes into detail about how the executive order applies to national security systems and provides timelines for implementing things like multifactor authentication, encryption, cloud technologies, and endpoint detection services. 

Within two months of the memorandum, the head of each executive department or agency that owns or operates an NSS is required to update agency plans concerning cloud technology, and within 180 days, agencies need to implement multifactor authentication and encryption for NSS data-at-rest and data-in-transit. 

It also forces agencies to “identify their national security systems and report cyber-incidents that occur on them to the National Security Agency.”

The memorandum gives the National Security Agency broad powers to issue binding directives that force agencies to “take specific actions against known or suspected cybersecurity threats and vulnerabilities.” 

The White House noted that this directive was modeled after the Department of Homeland Security’s Binding Operational Directive authority for civilian government networks. The NSA and DHS will work together on certain directives and share information about requirements and threats. 

Additionally, the memorandum forces agencies to be aware of and secure cross-domain tools that allow agencies to transfer data between classified and unclassified systems. 

“Adversaries can seek to leverage these tools to get access to our classified networks, and the NSM directs decisive action to mitigate this threat. The NSM requires agencies to inventory their cross-domain solutions and directs NSA to establish security standards and testing requirements to better protect these critical systems,” the White House said.

The memorandum includes a range of other deadlines and orders for agencies working with sensitive information.

It comes on the heels of multiple warnings released by the Cybersecurity and Infrastructure Security Agency (CISA) about potential threats coming from Russia. CISA sent out a warning about potential Russian attacks on critical infrastructure and, this week, warned businesses working with Ukrainian organizations about potential cybersecurity issues. 

The country is still recovering from the SolarWinds scandal, which saw Russian hackers invade dozens of US agencies and spend months inside the country’s most sensitive information systems. 

Dozens of government agencies were hacked, including the Department of State, Department of Homeland Security; National Institutes of Health; the Pentagon; Department of the Treasury; Department of Commerce, and the Department of Energy, including the National Nuclear Security Administration. 

READ MORE HERE