Unfinished tasks persist in the White House's cybersecurity executive order

The Executive Order on Improving the Nation's Cybersecurity, issued by the Biden administration last year, has set a path for enhancing software security and implementing zero-trust standards across federal agencies. Major software developers like Microsoft, Google, and Apple have publicly supported the initiative and taken steps to strengthen software security.

According to a study from MeriTalk, sponsored by AWS, CrowdStrike, and Zscaler, two-thirds of federal cybersecurity decision makers find the three-year timeline for the Office of Management and Budget's (OMB) zero trust strategy unrealistic. However, the OMB's federal zero trust strategy has near-unanimous support from federal cybersecurity decision makers.

The Secure Software Development Framework, published by NIST in February, outlines 14 high-level tasks across four secure development practices and establishes specific requirements for software vendors and internal agency development teams. Dale Gardner, Gartner senior director analyst, cited this publication as a significant development in software security.

Despite the progress, many federal officials see significant challenges in achieving zero trust goals. A lack of sufficient IT staff and the need to replace legacy infrastructure are among the main obstacles. Almost two-thirds of federal officials expect to achieve zero trust goals by the goal date of 2024, according to a separate study from General Dynamics Information Technology.

Microsoft has made significant investments to enhance software security and boost transparency with the open source community. The company's corporate vice president and CISO, Bret Arsenault, sees the Executive Order as a means for deeper collaboration between agencies and software providers.

Industry experts believe significant progress has been made in raising software security standards due to the Executive Order. Key federal agencies, including OMB and NIST, have been effective in creating requirements and supporting guidance to enhance software security.

SolarWinds, a company that experienced a significant cyberattack last year, believes that the public-private partnership is essential to meeting the cyberthreats that face us in today's world. Chip Daniels, head of government affairs at SolarWinds, stated that the company fully supports the EO and has been collaborating with its federal customers to facilitate its implementation. After the lessons learned over the last 18 months, SolarWinds believes that this public-private partnership is crucial for addressing current cyber threats.

The Secure Software Development Framework and the support from major software developers mark a significant step forward in achieving the goal of zero trust cybersecurity in federal agencies. However, the challenges remain, and collaboration between government and industry will be key to overcoming them.