US President Joe Biden on Tuesday signed a memorandum regarding the cybersecurity of the Department of Defense and the country’s intelligence agencies, outlining exactly how an executive order he signed in May 2021 will be implemented.
“This NSM requires that, at a minimum, national security systems use the same network cybersecurity measures required for federal civilian networks in Executive Order 14028. The NSM builds on the work of the Biden administration to protect our nation from sophisticated malicious cyber activity, from both state actors and cybercriminals,” the White House said.
The memorandum details how the executive order applies to national security systems and provides timelines for implementing things like multi-factor authentication, encryption, cloud technologies and endpoint detection services.
Within two months of the memorandum, the head of each executive department or agency that owns or operates a national security system (NSS) is required to update the agency’s plans regarding cloud technology, and within 180 days, agencies are required to implement multi-factor authentication and encryption for NSS data at rest and data in transit.
It also requires agencies to “identify their national security systems and report cyber incidents that occur on them to the National Security Agency.”
The memorandum gives the National Security Agency sweeping powers to issue binding directives that require agencies to “take specific action against known or suspected cybersecurity threats and vulnerabilities.”
The White House noted that this directive draws on the authority of the Department of Homeland Security’s Binding Operational Directive for Civilian Government Networks. The NSA and DHS will work together on certain guidelines and share information on requirements and threats.
Additionally, the memorandum requires agencies to be aware of and secure cross-domain tools that allow agencies to transfer data between classified and unclassified systems.
“Adversaries may seek to leverage these tools to gain access to our classified networks, and the NSM is leading decisive action to mitigate this threat. The NSM is asking agencies to inventory their cross-domain solutions and directing the NSA to establish security standards and testing requirements to better protect these critical systems,” the White House said.
The memorandum includes a series of other deadlines and orders for agencies working with sensitive information.
This follows several warnings issued by the Cybersecurity and Infrastructure Security Agency (CISA) about potential threats from Russia. CISA issued a warning about possible Russian attacks on critical infrastructure and this week warned companies working with Ukrainian organizations of potential cybersecurity issues.
The country is still recovering from the SolarWinds scandal, which saw Russian hackers invade dozens of US agencies and spend months inside the country’s most sensitive information systems.
Dozens of government agencies have been hacked, including the State Department; Department of Homeland Security; National Institutes of Health; the Pentagon; Treasury Department; Commerce Department; and the Department of Energy, including the National Nuclear Security Administration.