In response to the current risks facing data in federal agencies, Presidential Executive Order 13636 was signed. This Executive Order contains guidelines covering how cybersecurity compliance should be followed in federal agencies. It was signed on May 11, 2017, and it primarily covers the strengthening of cybersecurity standards in federal networks and other critical infrastructure.
Executive Order 13636 will impact more than just federal agencies. While non-governmental companies aren’t legally obligated to follow these guidelines, you will find that any policies put in place by a regulatory body tend to spread far beyond the targeted entities. Your business should remain up to date with what this Executive order stipulates so you can maintain agile operations moving forward.
What the cybersecurity Executive Order entails
Executive Order 13636 has three main sections. Section 1 covers agency IT and data protection. This section of the order emphasizes that heads of various federal agencies and departments should have a certain level of accountability for keeping data secure. The order also stipulates a Framework for carrying out the risk assessment.
The second section of Executive Order 13636 is aimed at improving the current infrastructure with regard to cybersecurity. In particular, the order covers elements such as electricity disruptions, botnets, and the status of the defense industrial base.
Section 3 of this Executive Order is aimed at establishing an outside perspective on current federal cybersecurity standards. In line with this goal, section 3 covers a review of the country’s infrastructure and how data can be better protected across various industries. Section 3 also covers proper training of cybersecurity employees to raise safety standards moving forward.
Impact of the Cybersecurity Executive Order on non-governmental agencies
You may be wondering why you should be aware of this new Executive Order even if it doesn’t directly impact your business. Remember that any actions carried out by regulatory bodies become a “standard of behavior”, a precedent which many companies are expected to follow.
In addition, following this Executive Order allows you to determine what the expectations for data security will be moving forward. You can use these guidelines as a benchmark for ensuring that your business keeps up with cybersecurity standards. And if any new legislation were to be adopted with regards to data safety, it would likely borrow a lot from this Executive Order.
The Cybersecurity Order and NIST: What you should know
Currently, Executive Order 13636 directs federal agencies to adopt NIST guidelines and to comply with them. While these guidelines don’t apply to non-governmental agencies, they do form a solid foundation for future legislation down the line.
Executive Order 13636 was signed just ten days after another Executive Order that directed the creation of the American Technology Council (ATC). In a nutshell, this order was signed as part of an overarching effort to review and eventually set policies regarding governmental technology. These recent Executive Orders will form a precedent for policies aimed at improving technology levels and the safety of federal data.
The use of NIST in Executive Order 13636 also adds more direct accountability to federal agency heads. Directly involving management provides a more efficient framework for cybersecurity steps to be implemented.
Why you should care
Many of the immediate guidelines put in place by this new Executive Order don’t apply directly to non-federal agencies. However, things might change in the long term. It is wise to remain informed regarding how governmental agencies are increasingly focusing on cybersecurity.
Executive Order 13636 and GDPR both point towards a trend in which future legislation may focus on cybersecurity in a wide range of businesses. GDPR is already evidence of such a trend: it covers the standardization of information security in all businesses that work with EU citizens. This extensive legislation aims to set a standard for how data security is handled across all companies.
Similarly, Executive Order 13636 forms an early precedent for more thorough regulations in the future.
How you can prepare your business to respond to this new Cybersecurity Order
Currently, cybersecurity requirements are scattered and disorganized. Many different standards and regulations vary across industries, lacking a common framework that any business can reliably follow. And because cybersecurity threats are on the rise, there is increasing attention on, and pressure on, the government to map the way forward.
In the best interests of your company, you should maintain an agile response. The government is paying close attention to cybersecurity, and you shouldn’t be left behind if new guidelines are put in place moving forward. Your goal should be to remain informed and prepared for changes in the future.
One of the best ways you can do this is by implementing an automated framework. Rather than using spreadsheets to keep track of guidelines and compliance, you should shift to a platform that allows you to maintain real-time visibility. Automation also creates a consistent and reliable framework for monitoring cybersecurity practices and areas of concern moving forward.
Ken Lynch is an enterprise software startup veteran who has always been fascinated by what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT. Learn more at ReciprocityLabs.com.