In May 2021, following several high-profile cyberattacks affecting both the Federal government and U.S. commercial entities, the Biden administration issued Executive Order 14028 (EO 14028), “Improving the Nation’s Cybersecurity,” to help protect the country’s critical infrastructure and the Federal government’s networks.
EO 14028 outlined a bolder stance to cybersecurity that included several important mandates:
- Remove barriers to threat information between the government and private sector.
- Modernize and implement stronger cybersecurity standards in the Federal government.
- Create a standardized playbook for responding to cybersecurity vulnerabilities and incidents.
- Improve the investigative and remediation capabilities of federal departments and agencies.
Now we are beginning to see follow through from EO 14028 in two important developments: the passage of the new National Defense Authorization Act 2022 (NDAA) and the President’s signing of the National Security Memorandum to Improve the Cybersecurity of National Security, Department of Defense (DoD), and Intelligence Community Systems.
The NDAA is an annual bill that specifies the budget, expenditures, and policies of the U.S. DoD. This year, the bill allocates nearly $117 billion (out of a total $768 billion) to finding new science and technology breakthroughs. Several provisions, shown in the graphic below, specifically focus on cyber governance and the use of AI and other emerging technologies by the DoD.
National Defense Authorization Act 2022 – Key Cybersecurity Provisions
The Cybersecurity National Security Memorandum, issued January 2022, requires that the National Security Systems employ the same enhanced network cybersecurity measures as those required of federal civilian networks as outlined in EO 14028. It further includes provisions summarized below.
National Security Memorandum – Cybersecurity Requirements
These recent steps taken by the current administration are evidence of an increasingly proactive and assertive governmental posture toward cybersecurity, covering both government agencies and elements of the private sector. They also suggest a growing awareness across the Federal government of the importance of collaboration with private technology providers. This is reflected in governmental efforts to reduce contracting barriers and improve public-private cooperation in the development and application of new technologies to protect the nation’s critical systems and data.
With this momentum from the Federal government, opportunities for new, innovative providers of cybersecurity services and related technologies are expected to rise significantly over the near-term. Our team continues to track the evolution of U.S. government policies in this space, the resulting opportunities, and the companies best positioned to drive national cybersecurity forward.