At 34 pages, President Joe Biden’s May executive order on cybersecurity is lengthier than many such White House directives. It’s going to keep federal agencies busy for a long time implementing a host of protective measures, but one might prove a heavier burden, according to Federal Chief Information Security Officer Chris DeRusha.
The executive order establishes cybersecurity event log requirements for agencies, meant to improve the government’s ability to investigate and clean up after attacks.
“To do monitoring and understand what activity is occurring or has occurred on your network, that’s a huge multi-year exercise that each agency’s going to have to undertake,” DeRusha said during an interview that aired Tuesday as part of CyberTalks, a summit presented by CyberScoop.
But it’s a very important part of the order, he said.
“When you think about it, it’s really a key pillar of … cyber hygiene,” said DeRusha.
Under the order, the Homeland Security Department, attorney general and Office of Management and Budget are charged with writing recommendations for logging event requirements, such as what types of logs need to be kept, how long they should be retained and how they should be protected. DHS and the Commerce Department are then charged with forming policies for agencies to establish logging, log retention and log management requirements.
OMB will work with agencies to make sure they have what they need to carry out the requirements. And agencies must produce logs to DHS and the FBI upon request.
“You start to categorize out all the logs that you need to retain for significant periods of time to do successful digital forensics exercising,” DeRusha said.
Biden penned the executive order primarily in response to the SolarWinds supply chain hack that compromised nine federal agencies. Although it’s ambitious, it’s just one element of the Biden administration’s response: The president’s budget blueprint for fiscal 2022 also proposes $750 million for agencies affected by the SolarWinds campaign.