President Biden signed a National Security Memorandum (NSM) to improve the cybersecurity of National Security, Department of Defense (DoD) and Intelligence Community Systems.
The Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems, or NSM-8, requires that, at minimum, National Security Systems employ the same network cybersecurity measures that are required of federal civilian networks, as outlined in the Improving the Nation’s Cybersecurity Executive Order (EO 14028).
The memorandum is another step in validating the need to map the network requirements for civilian federal agencies under EO 14028 across applicable national security systems, in an effort to standardize cybersecurity requirements for military agencies and the intelligence community with those of civilian agencies.
The memorandum also gives the National Security Agency authority to issue binding operational directives on cyber issues, which will mirror the civilian agency directives issued by the Department of Homeland Security.
The complete NSM-8 memorandum is available to view at www.whitehouse.gov/briefing-room/presidential-actions/2022/01/19/memorandum-on-improving-the-cybersecurity-of-national-security-department-of-defense-and-intelligence-community-systems/. Key points are outlined below.
Specifies how the provisions of EO 14028 apply to National Security Systems.
The President’s May 2021 Executive Order required that the government “shall adopt National Security Systems requirements that are equivalent to or exceed the cybersecurity requirements set forth in this order.” Consistent with that mandate, this NSM establishes timelines and guidance for how these cybersecurity requirements will be implemented, including multifactor authentication, encryption, cloud technologies, and endpoint detection services.
Improves the visibility of cybersecurity incidents that occur on these systems.
It requires agencies to identify their national security systems and report cyber incidents that occur on them to the National Security Agency, which by prior policy is the “National Manager” for the U.S. government’s classified systems. This will improve the government’s ability to identify, understand, and mitigate cyber risk across all National Security Systems.
Requires agencies to act to protect or mitigate a cyber threat to National Security Systems.
The NSM authorizes the National Security Agency, through its role as National Manager for National Security Systems, to create Binding Operational Directives requiring agencies to take specific actions against known or suspected cybersecurity threats and vulnerabilities. This directive is modeled on the Department of Homeland Security’s Binding Operational Directive authority for civilian government networks. The NSM directs NSA and DHS to share directives and to learn from each other to determine if any of the requirements from one agency’s directive should be adopted by the other.
Requires agencies to secure cross-domain solutions – tools that transfer data between classified and unclassified systems.
Adversaries can seek to leverage these tools to get access to our classified networks, and the NSM directs decisive action to mitigate this threat. The NSM requires agencies to inventory their cross-domain solutions and directs NSA to establish security standards and testing requirements to better protect these critical systems.
“I applaud President Biden for signing this order to improve our nation’s cybersecurity,” said Senate Intelligence Committee Chair Mark Warner. “Among other priorities, this National Security Memorandum requires federal agencies to report efforts to breach their systems by cyber criminals and state-sponsored hackers.”
The Memorandum is another step in the Biden Administration’s focus on modernizing the nation’s cyber defenses and prioritizing the protection of federal networks.
Related Links
- White House – Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems
- White House – Fact Sheet: President Biden Signs National Security Memorandum to Improve the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team.
In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.