Rick Rutter, Director, Content Strategy, Juniper Networks

National Security Improvements

News on The Feed Security
Host Rick Rutter's picture on the left side of the screen next to guest Mike Spanbauer's picture on the right. The bottom right corner of the screen says "News" over top of a Juniper Networks logo. The bottom left corner of the screen says "News on The Feed, National Security Improvements, Biden's Executive Order 14028 Explained."

Bookmark this: Executive Order 14028 explained

Cyber security attacks are on the rise. A recent Executive Order highlights specific high-impact areas of cyber security that need to be addressed (hello, critical infrastructure!) and provides guidance on how to do so. Rick Rutter talks to Juniper security expert Mike Spanbauer for straight-up info about the significance of Executive Order 14028 for you and your enterprise.


You’ll learn

  • The implications of the Executive Order across state and local governments

  • Exactly what’s included in this order and what’s still to come in the future 

  • What anyone involved in the software supply chain working with government needs to know about this order

Who is this for?

Security Professionals, Network Professionals

Host

Rick Rutter
Director, Content Strategy, Juniper Networks

Guest speakers

Mike Spanbauer
Customer Architecture & Field CTO, Security, Juniper Networks

Transcript

0:00 with cyber security attacks on the rise

0:02 executive order

0:04 14028 highlights specific high impact

0:06 areas of cyber security that need to be

0:09 addressed and it provides prescriptive

0:11 guidance on how to do it

0:13 mike spanbauer director at juniper

0:15 security recently published a blog to

0:17 explain its significance so mike

0:20 the focus of the eo is to help protect

0:22 the nation's networks and critical

0:24 infrastructure what are the implications

0:26 across government including state and

0:28 local ah rick that's a great question

0:31 and certainly this is an exciting topic

0:33 as i do believe that the executive order

0:35 set out to provide effective guidance as

0:38 well as uh prescriptive measures that

0:40 the

0:41 federal groups involved would pursue in

0:44 order to better guide and support

0:47 security efforts uh throughout many

0:48 aspects of the nation's infrastructure

0:51 and so this particular executive order

0:53 came out last year in may

0:56 and in essence set forth some particular

0:58 steps for

1:00 uh really establishing better threat

1:02 intelligence sharing uh that's the

1:04 discovery of uh attacks both on uh an

1:07 entity as well as uh from that moment uh

1:11 you know any discovered vulnerabilities

1:12 or potential areas of exploitation uh

1:15 between groups and a whole series of

1:16 guidance there uh in addition uh updated

1:19 and stronger standards for cyber

1:22 security throughout

1:23 a number of federal entities and

1:25 agencies plus uh within that there's a

1:28 number of initiatives that include

1:30 zero trust architectures and certainly i

1:32 think words that many hear in context of

1:35 security but in terms of how

1:38 one goes about achieving uh zero trust

1:40 uh is is a you know quite a quite an

1:43 involved endeavor and there's elements

1:44 there uh beyond that software supply

1:48 chain security is a significant piece of

1:50 this and i think many have heard in the

1:52 news right these

1:54 threats that have existed within other

1:56 software that you're using well it's

1:58 certainly broad and

2:00 in this component of the eo

2:02 there are

2:03 elements of language that speak to this

2:06 software bill of materials or in essence

2:08 uh an index of what's in your software

2:12 that the uh

2:14 client or in this case right the

2:16 agencies can then index and look at

2:18 relative to you know activities and

2:21 actions that they need to take uh

2:23 measures on so so those are just a few

2:25 of the pieces uh that are that are

2:27 outlined within the eo and i think one

2:29 other piece that's actually very

2:30 important because it's also a great

2:32 practice for

2:33 uh enterprise organizations too which is

2:35 playbooks for uh incident response and

2:38 how you act or handle uh you know the

2:40 finding or discovery of either a

2:42 vulnerability or an incident itself

2:45 right that's when a threat

2:46 has landed there's some potential

2:49 exploitation or or data manipulations

2:51 that's occurred and and you're now you

2:54 know in the drill mode of responding to

2:56 said incident and this

2:59 playbook activity

3:01 speaks to

3:02 the need for the organizations to be

3:05 able to uh work within the context of

3:07 each other's as well as uh take you know

3:10 really consistent action throughout uh

3:12 their their uh their own needs and so

3:14 all of this works and seeks to

3:17 improve the investigation remediation

3:19 capabilities you know of the the

3:21 government the agencies involved overall

3:23 awesome and i mean like it sounds like

3:25 there's a ton to unpack in this

3:27 executive order um but you did bring up

3:29 supply chain and that many times does

3:31 affect like broader a broader set of

3:33 companies if people are working with

3:35 government what do they need to know um

3:37 in terms of like software supply chain

3:40 i also i think briefly first of all

3:43 right this concept of a software supply

3:45 chain is you know this code reuse and

3:47 leverage which frankly is just good

3:48 practices for efficiency right you know

3:51 libraries that are contributed by open

3:53 source or other mechanics that vendors

3:55 then use to expedite their own delivery

3:57 of software and in particular right

3:59 being able to tail out exactly which

4:02 libraries are used which versions of

4:04 said libraries are employed

4:05 as well as you know how the functions

4:07 are controlled because you can disable

4:09 or enable certain functions even if it's

4:12 you know open source or contributed

4:14 software that's all within the scope of

4:16 this and so vendors often have this

4:19 index today uh but part of what the eo

4:22 seeks to help guide and really you know

4:25 provide visibility to is which software

4:28 components are where and ensuring that

4:30 uh when things are discovered right in

4:32 this this vulnerable world we are in uh

4:35 that the right agencies can take actions

4:38 to either patch or remediate or address

4:40 in some way uh you know the the software

4:42 so so there's not yet explicit uh

4:45 contract language uh but we're expecting

4:47 uh within the next you know a few months

4:50 uh here in the middle of 22 to find some

4:53 of that as slow downs uh from from the

4:56 agencies that are guiding this effort to

4:58 vendors to

5:00 support and and really address this

5:01 initiative well mike thanks for joining

5:04 and explaining the significance this

5:05 executive order has on improving cyber

5:08 security at the national level and it

5:10 sounds like several of the items will

5:11 also benefit other sectors and markets

5:13 as well

5:14 so to read mike's blog post or watch his

5:16 webinar check out the links below and

5:18 while you're on the feed please take

5:19 some time to soak up a little industry

5:21 knowledge

5:22 thank you
