President Barack Obama recently handed down a new executive order that aims to better protect data stored on and accessed through federal information networks.
With the new policy, the President said he is aiming to prevent the costly effects of a federal agency suffering a data breach caused either by a cyberattack or a malicious insider. Those and other threats are addressed in the executive order.
"These structural reforms will ensure coordinated interagency development and reliable implementation of policies and minimum standards regarding information security, personnel security and systems security; address both internal and external security threats and vulnerabilities; and provide policies and minimum standards for sharing classified information both within and outside the federal government," the mandate from the President stated.
Not only does the order call for federal agencies to take on greater responsibility when it comes to data security, but it also urges them to share and provide information that can be used for assessing their compliance with the new security policy and standards.
This is certainly not the first time that President Obama has taken aim at improving cybersecurity efforts. He addressed the nation on the issue shortly after taking office in the spring of 2009.
It appears that the new executive order is most geared toward preventing insider data breaches. In addition to the information sharing mandate, the policy also implements a threat detection and prevention program geared specifically toward insider attacks. Such efforts will be carried out by the Insider Threat Task Force, according to the President.
"There is established an interagency Insider Threat Task Force that shall develop a government-wide program (insider threat program) for deterring, detecting, and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure," according to the order.
This portion of the executive order appears to address the prevention of incidents similar to the massive cyberattack suffered by the U.S. Central Command network in 2008. The cyberattack, which was not confirmed by the Department of Defense until August of last year, was launched through an infected USB flash drive.
The drive included malicious code for a worm named agent.btz that caused a widespread infection of government systems. It took officials nearly 14 months to completely eradicate the worm, and the incident led to the U.S. military banning the use of USB flash drives. That policy has since been modified, but use of the devices remains restricted.
Data Security News from SimplySecurity.com by Trend Micro