The devil is in the details of Biden’s cybersecurity executive order

In response to the increasing cyberthreats and widespread security vulnerabilities businesses are facing today, the U.S. Securities and Exchange Commission (SEC) now considers cyber vulnerabilities to be an existential business risk, according to Harvard Business Review. In an effort to address the intensifying threats, President Joe Biden issued an executive order on improving the nation’s cybersecurity on May 2021.

In August, Gary Alterson, VP of Security Solutions at Rackspace Technology and Brad Schulteis, Senior Director of Global Government Solutions at Rackspace Technology shared their thoughts on the executive order and its potential to enact real change in cybersecurity across the United States.

“Any organization can look at the executive order and say this is a great blueprint for how to improve our cybersecurity,” said Alterson. “The government used industry experts well and has some smart people working on the problem. However, the devil is in the details.”

Schulteis added: “System administrators are used to getting plans that include goals, steps, timeframes and budgets. But this executive order just has goals. It’s a great starting point, but needs more details to become truly impactful.”

In their 40-minute Cloud Talk discussion, the technology leaders shared their thoughts on the good, the bad and the ugly of the executive order’s 11 provisions:

• Establishing a cybersecurity safety review board within government is a brilliant idea with the potential for meaningful outcomes
• A government playbook for cybersecurity response is a worthy objective if it’s standardized for all industries
• The order doesn’t address the ramifications of removing barriers to sharing threat information, such as costs and customer safety
• If organizations implement broad zero trust, they risk breaking things that have worked for decades
• There is not a clear plan for legacy systems such as getting exceptions
• Improving the detection of cyber vulnerabilities is complicated and requires advanced technologies, like AI and machine learning
• The order would be better served by first standardizing a plan and then improving the plan overtime

Overall, both experts agree that the executive order is a good blueprint but lacks a clear plan, including budget and timeframe.

“The executive order is well intended and certainly the right thing to do,” stated Alterson. “But it’s also hitting the limits of an executive order, which is the need for funding, which only Congress can allocate. Without congressional funding, agencies themselves will have to figure out how to fund these initiatives. I’d love to see some follow up with funding for agencies to carry out the provisions.”

In addition to funding, Schulteis would also like to see more realistic timelines beyond the executive orders of 45 to 90 days. “The agencies are being asked to take action immediately, but government doesn’t work that fast. There needs to be a healthy balance between the speed required to take action and the reality of how complex even one of these provisions will be to execute.”

Gary, Schulteis and host CTO Jeff DeVerter ended this discussion with an agreement to reassess the progress of the executive order in the coming months.

Cloud Talk covers topics like multicloud, digital transformation, containers and Kubernetes, IoT, edge computing, data and more. Episodes are short and sweet — around half an hour — and available from Apple Podcasts, Spotify, Stitcher and anywhere else podcasts can be found.