National Security Improvements

0:00 with cyber security attacks on the rise

0:02 executive order

0:04 14028 highlights specific high impact

0:06 areas of cyber security that need to be

0:09 addressed and it provides prescriptive

0:11 guidance on how to do it

0:13 mike spanbauer director at juniper

0:15 security recently published a blog to

0:17 explain its significance so mike

0:20 the focus of the eo is to help protect

0:22 the nation's networks and critical

0:24 infrastructure what are the implications

0:26 across government including state and

0:28 local ah rick that's a great question

0:31 and certainly this is an exciting topic

0:33 as i do believe that the executive order

0:35 set out to provide effective guidance as

0:38 well as uh prescriptive measures that

0:40 the

0:41 federal groups involved would pursue in

0:44 order to better guide and support

0:47 security efforts uh throughout many

0:48 aspects of the nation's infrastructure

0:51 and so this particular executive order

0:53 came out last year in may

0:56 and in essence set forth some particular

0:58 steps for

1:00 uh really establishing better threat

1:02 intelligence sharing uh that's the

1:04 discovery of uh attacks both on uh an

1:07 entity as well as uh from that moment uh

1:11 you know any discovered vulnerabilities

1:12 or potential areas of exploitation uh

1:15 between groups and a whole series of

1:16 guidance there uh in addition uh updated

1:19 and stronger standards for cyber

1:22 security throughout

1:23 a number of federal entities and

1:25 agencies plus uh within that there's a

1:28 number of initiatives that include

1:30 zero trust architectures and certainly i

1:32 think words that many hear in context of

1:35 security but in terms of how

1:38 one goes about achieving uh zero trust

1:40 uh is is a you know quite a quite an

1:43 involved endeavor and there's elements

1:44 there uh beyond that software supply

1:48 chain security is a significant piece of

1:50 this and i think many have heard in the

1:52 news right these

1:54 threats that have existed within other

1:56 software that you're using well it's

1:58 certainly broad and

2:00 in this component of the eo

2:02 there are

2:03 elements of language that speak to this

2:06 software bill of materials or in essence

2:08 uh an index of what's in your software

2:12 that the uh

2:14 client or in this case right the

2:16 agencies can then index and look at

2:18 relative to you know activities and

2:21 actions that they need to take uh

2:23 measures on so so those are just a few

2:25 of the pieces uh that are that are

2:27 outlined within the eo and i think one

2:29 other piece that's actually very

2:30 important because it's also a great

2:32 practice for

2:33 uh enterprise organizations too which is

2:35 playbooks for uh incident response and

2:38 how you act or handle uh you know the

2:40 finding or discovery of either a

2:42 vulnerability or an incident itself

2:45 right that's when a threat

2:46 has landed there's some potential

2:49 exploitation or or data manipulations

2:51 that's occurred and and you're now you

2:54 know in the drill mode of responding to

2:56 said incident and this

2:59 playbook activity

3:01 speaks to

3:02 the need for the organizations to be

3:05 able to uh work within the context of

3:07 each other's as well as uh take you know

3:10 really consistent action throughout uh

3:12 their their uh their own needs and so

3:14 all of this works and seeks to

3:17 improve the investigation remediation

3:19 capabilities you know of the the

3:21 government the agencies involved overall

3:23 awesome and i mean like it sounds like

3:25 there's a ton to unpack in this

3:27 executive order um but you did bring up

3:29 supply chain and that many times does

3:31 affect like broader a broader set of

3:33 companies if people are working with

3:35 government what do they need to know um

3:37 in terms of like software supply chain

3:40 i also i think briefly first of all

3:43 right this concept of a software supply

3:45 chain is you know this code reuse and

3:47 leverage which frankly is just good

3:48 practices for efficiency right you know

3:51 libraries that are contributed by open

3:53 source or other mechanics that vendors

3:55 then use to expedite their own delivery

3:57 of software and in particular right

3:59 being able to tail out exactly which

4:02 libraries are used which versions of

4:04 said libraries are employed

4:05 as well as you know how the functions

4:07 are controlled because you can disable

4:09 or enable certain functions even if it's

4:12 you know open source or contributed

4:14 software that's all within the scope of

4:16 this and so vendors often have this

4:19 index today uh but part of what the ceo

4:22 seeks to help guide and really you know

4:25 provide visibility to is which software

4:28 components are where and ensuring that

4:30 uh when things are discovered right in

4:32 this this vulnerable world we are in uh

4:35 that the right agencies can take actions

4:38 to either patch or remediate or address

4:40 in some way uh you know the the software

4:42 so so there's not yet explicit uh

4:45 contract language uh but we're expecting

4:47 uh within the next you know a few months

4:50 uh here in the middle of 22 to find some

4:53 of that as slow downs uh from from the

4:56 agencies that are guiding this effort to

4:58 vendors to

5:00 support and and really address this

5:01 initiative well mike thanks for joining

5:04 and explaining the significance this

5:05 executive order has on improving cyber

5:08 security at the national level and it

5:10 sounds like several of the items will

5:11 also benefit other sectors and markets

5:13 as well

5:14 so to read mike's blog post or watch his

5:16 webinar check out the links below and

5:18 while you're on the feed please take

5:19 some time to soak up a little industry

5:21 knowledge

5:22 thank you