The White House released a long-awaited executive order on cybersecurity last week that shows a focus on protecting federal agencies and critical infrastructure from cyber intrusions but left the private sector wondering what role it can play in the future.
The order noted that the federal government “has for too long accepted antiquated and difficult-to-defend IT. Effective risk management involves more than just protecting IT and data currently in place. It also requires planning so that maintenance, improvements, and modernization occur in a coordinated way and with appropriate regularity.”
Among other provisions, the order requires the use of the previously voluntary National Institute of Standards and Technology (NIST) cyber framework by federal agencies and critical infrastructure entities. It also promised that agency heads would be held accountable for the cyber measures put in place.
“You do want the government to practice what it preaches,” said Ben Beeson, head of Lockton’s cyber risk practice. “It can only help promote the NIST framework to the private sector. The NIST framework is something we welcome and would like to see our clients adopt as best practices.”