The cybersecurity executive order is not all it’s cracked up to be

Seventy-two percent of federal cybersecurity leaders say the White House’s May 2021 Cybersecurity Executive Order (EO) addresses only a fraction of today’s cybersecurity challenges, according to a study from MeriTalk.

The study – which surveyed 150 federal cybersecurity leaders across Civilian and Department of Defense (DoD) agencies – found that, while the EO brings cybersecurity issues to the forefront, federal cyber leaders need to shift gears to make real progress. The current focus is on the wrong aspects – 77 percent of respondents say their agency is focused on compliance over long-term cyber resilience.

As threats evolve, 77 percent agree their agency needs to better understand the attackers’ perspective to build a more proactive defense. Sixty-three percent say they currently utilize offensive tactics in their cybersecurity efforts – but do not feel their offensive security is very effective.

Federal leaders must do more to address full-spectrum cybersecurity

But there is a path forward. The study – underwritten by Leidos – found that 78 percent of leaders agree the biggest benefit of the EO is its elevation of cybersecurity to the top levels of government agencies. At the same time, 83 percent of surveyed individuals feel federal leaders must do more to address full-spectrum cybersecurity, and 81 percent agree agencies must move beyond compliance to a more modern, agile, and effective cybersecurity model.

“Cyber threats are becoming more evasive and continue to evolve, but we must move beyond compliance to a modern, agile, and effective cybersecurity model,” said Meghan Good, Director of the Cyber Accelerator, Leidos.

Survey respondents were asked about current structural weaknesses within cybersecurity models, and what leaders should be focused on when designing new, more effective strategies for their organization.

Federal leaders even struggle with opposing views on the likelihood of breaches, as 58 percent believe breaches are preventable, while 42 percent believe breaches are inevitable.

The biggest design flaws in today’s federal cybersecurity strategies, according to respondents, are compliance-based security (41 percent), cyber skills gap (37 percent), ineffective information sharing (35 percent), lack of senior management or executive-level support (35 percent), and lack of cyber culture (35 percent)

Agencies can arm the trap

Over the next five years, the most important steps agencies should take to help realize federal cyber leaders’ visions are:

• Instilling a stronger culture of cybersecurity throughout the agency (41 percent)
• Improving the ability to track/understand what’s going on in their environment (37 percent)
• Maturing AI/ML (artificial intelligence/machine learning) applications (37 percent)
• Increasing use of automation (37 percent)
• Prioritizing pilot efforts/security innovation (37 percent)