Much has been said about the new Executive Order (EO 14028), Improving the Nation’s Cybersecurity, released earlier this month (covered in the Security & Resilience Update for May 13, 2021). And if you have had time to read the EO, then feel free to move to the next write-up. However, those of us who haven’t reviewed it and what it could mean beyond federal networks, may find a series by aDolus Inc. and ICS and SCADA security expert, Eric Byers interesting. aDolus is running a series that breaks down the sections of the EO and summarizes them into their relevant bits and timelines with key commentary by Eric. Recently, they posted a review of Section 2: Removing Barriers to Sharing Threat Information that is especially interesting to ISACs, including WaterISAC.
According to the post, aDolus points out that the thirteen directives in section 2 point to a single main objective: ”Removing any contractual barriers and requiring providers to share breach information that could impact Government networks...” In other words, to make certain that all U.S. government contracts require service providers to collect and share cyber event information with U.S. agencies. Sadly, this flow of information sharing seems to be written as unidirectional from private industry to the government, but we'll see how things develop. For more on the breakdown, check out the on-going series at aDolus.