In the aftermath of the SolarWinds supply chain attack—which affected a huge swath of government agencies and private companies—the Biden White House issued an executive order intended to batten down hatches across the government, and encourage industry to beef up security by setting new standards for contractors. Over a year out from its issuing, federal cybersecurity leaders at the RSA Conference say they're nearly done.
On stage at the conference, National Cyber Director John Chris Inglis gave an overview of the order's requirements. "The federal government believes it needs to get its own house in order," he said. This involved rolling out multi-factor authentication across the federal government, and ensuring data is encrypted in transit and at rest, among other requirements.
"The long story made short is that the government is trying to put its money where its mouth is, driving these practices into the supply chain that then feeds the government," Inglis continued.
"To my way of thinking, I think that we've done extremely well in making a demonstrable difference to the inherent resilience and robustness of those architectures," said Inglis, adding that he felt the federal government is "82% there."
Part of the challenge the government now faces, Inglis said, is determining exactly what is still not secure enough. In some cases, systems might not be reachable or upgradable. The solution for those situations, Inglis explained, is to "wrap those in a place to reduce the attack surface."
Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), explained that carrying out the order is a major undertaking for CISA. "It's incredibly complicated, it's 101