With our footprint of research across the cybersecurity sector over the past decade, we have valued Executive Orders from respective Presidents that strengthen the context for taking required actions to provide protection against cyber threats. Our research several years ago, for example, highlighted the systematic weaknesses across the government sector, with ransomware being the threat of highest concern. On page 11 of our 2021 report, we said in relation to the United States:

The Biden administration is placing increasing emphasis on developing resilience in the face of cybersecurity threats against the government and other industry sectors. Ransomware is a key concern, considering recent disruption to critical infrastructure such as the Colonial Pipeline and JBS attacks. While there is a high focus on better securing government agencies, the administration is also directing American businesses to take cyberthreats and ransomware seriously. Many of the directives parallel what is required of government agencies. Three specific initiatives from the United States government are:

• Executive Order on Improving the Nation’s Cybersecurity
  Issued in May 2021, Executive Order 14028 mandates improved information sharing on cybersecurity between the U.S. government and the private sector, requires stronger cybersecurity standards within the federal government (e.g., widespread adoption of multi-factor authentication, encryption, and zero trust), removes current barriers for service providers to share threat intelligence, elevates the importance of security in the software supply chain (including visibility into software composition), and establishes the Cyber Safety Review Board to analyze significant cyber incidents and make recommendations, among others. The administration is working with private sector organizations to improve the nation’s cybersecurity readiness, has
  secured significant commitments from Apple, Google, Microsoft, and Amazon, and is working with others to address the cybersecurity skills shortage.
• Joint Cyber Defense Collaborative (JCDC)
  Part of the Cybersecurity & Infrastructure Security Agency (CISA), the JCDC was created in 2021 to lead the development of cyber defense plans in the United States to safeguard critical infrastructure and national interests. Its mission includes working with private and public sector organizations.
• StopRansomware.gov
  Multiple federal government agencies, including the Department of Homeland Security and the Department of Justice, launched a one-stop resource for combating ransomware. Released in mid-July 2021, the website consolidates the ransomware resources from all federal government agencies into a single location, replacing the previous approach of resources being distributed across a variety of locations.

While we didn’t state it in these words at the time, we were applauding the actions of the Biden Administration to strengthen the fabric of cybersecurity as it affected government agencies and the private sector.

CISA gets a mention above. CISA wasn’t created by President Biden. That was an action taken by President Trump in November 2018 via the CISA Act, where an existing program inside the Department of Homeland Security was reorganized and rebranded. The leader of the earlier DHS program – Christopher Krebs – was appointed the first director of CISA. Over the next several years, CISA took an activist role in championing for heightened cybersecurity across the United States (and beyond). Our research has referenced the following articles and updates from CISA:

• CISA Launches Campaign to Reduce the Risk of Ransomware
• Alert AA20-345A – Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
• Joint Cyber Defense Collaborative
• Executive Order on Improving the Nation’s Cybersecurity
• Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities
• Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
• Shields Up
• Selecting a Protective DNS Service
• StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
• CISA, EPA, and FBI Release Top Cyber Actions for Securing Water Systems
• ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System
• FY22 Risk and Vulnerability Assessments (RVA) Results
• CISA Releases Analysis of FY22 Risk and Vulnerability Assessments
• CISA Analysis: Fiscal Year 2022 Risk and Vulnerability Assessments

There was a lot more in addition to the above list that CISA did in providing leadership and direction, and as with the actions above from the Biden Administration, we applaud their contributions.

Our hands are not clapping for the recent Presidential Memoranda targeting Christopher Krebs, SentinelOne, and CISA. Christopher Krebs earlier bore the public brunt of President Trump’s ire after disagreeing with the President on the security of the 2020 election, a stance for which he was fired from his director position at CISA via Twitter. Five years later, President Trump appears to seek additional retribution for this stance against Krebs personally, even though the overwhelming weight of evidence after 60 court cases on alleged election fraud backs Krebs not Trump.

This Presidential Memoranda is very bad form, in bad taste, and opens the door to a President throwing the weight of the US Government against a named individual who is perceived as an opponent. This is not behavior consistent with what we want our children to view as appropriate for the President of the United States.

The Presidential Memoranda and all related statements should be rescinded immediately, the consequential active investigation into Christopher Krebs cancelled forthwith, and the sanctions against Krebs and SentinelOne lifted.

On one point, however, we do agree with a statement in the Presidential Memoranda, albeit with a wording change. The directive to “do a comprehensive evaluation of all of CISA’s activities over the last 6 years” is a worthwhile activity. The wording change, however, is that it should not focus on points where conduct “appears to have been contrary to the purposes and policies in Executive Order 14149.” A much better standard would be alignment with the major cybersecurity challenges facing the United States over the next 20 years, which includes election security and countering the proliferation of disinformation and misinformation that undermine election integrity. This would position the agency for ongoing relevance over the long-term, not one that is weakened by short-term partisan vendettas.

Presented on December 2, 2021

Government entities face a plethora of cybersecurity challenges. Ransomware, especially against critical infrastructure, is of the utmost importance to protect against. Because traditional cybersecurity solutions leave governments in reactive mode, many agencies are underprepared for the challenge. 

Join this discussion with Virsec’s Kevin Jones, and Osterman Research’s Michael Sampson, to explore the current state of cybersecurity threats, preparedness, and protection capability in the government sector. Learn how Virsec can help protect your agency against ransomware attacks that target runtime. We’ll share how Virsec Security Platform takes a deterministic approach to protect software, locking out the attacker before they can execute their malicious intent.

Presented on October 20, 2021

Government entities face a plethora of cyber threats that are becoming more sophisticated and targeted. The threat of the highest concern is ransomware attacks against critical infrastructure organizations. For example, this year we’ve seen attacks on gas supply with the Colonial Pipeline attack, on meat supply with the JBS attack, and on public transportation with the New York City Metro attack. 

Governments around the world are now taking a more activist approach to managing cyber threats. In the US, Biden’s cybersecurity EO is pushing government agencies and private organizations to improve their cybersecurity postures and act rapidly to implement Zero Trust. This means investing in cybersecurity solutions and adopting stronger approaches to identity access management (IAM), such as multi-factor authentication (MFA), single sign-on (SSO), adaptive authentication, and biometrics. 

In this webinar, we will explore the current state of cybersecurity threats, preparedness, and response capability in the government sector, and offer solutions for improving cybersecurity in government. 

In this webinar, based on the research performed by Osterman Research, we will address the following:

• Types of threats targeting state & local organizations
• Why is this industry so attractive to malicious actors
• What attack trends to expect next
• How can state & local organizations avoid being the next victim

Michael Osterman, CEO and Founder of Osterman Research, will host this interactive session. He will present the findings of his firm’s latest research, provide his expert advice on how to become more proactive in identifying and thwarting threats, and answer your questions.

Register to watch the recording

Sponsored by Acalvio, Avanan, KnowBe4, Nyotron, Skybox Security, Trustwave, Yubico and Zix

Executive Summary

State and local governments, municipalities, city councils, local law enforcement agencies, federal government agencies, and other government entities – collectively the government sector – are under attack from cyber criminals and nation-states. Threats from ransomware, business email compromise, phishing and other security threats are relentless, and 2019 has been a banner year for various types of attacks against government.

This white paper explores the current state of security threats in the government sector today and offers direction for government decision-makers and influencers wanting to increase the effectiveness of their security capabilities.

Request a Copy