Understanding Executive Order 14028: What Agencies Need to Know

In May 2021, President Joe Biden signed Executive Order 14028 on Improving the Nation’s Cybersecurity, marking a major step toward enhancing the security posture of the U.S. federal government and its partners. This order is not just a policy directive; it is a blueprint for the modernization of the nation’s cybersecurity efforts. It focuses on improving the government’s ability to defend against and respond to cyberattacks, an increasingly critical concern in a world where cybersecurity threats are growing in scale and sophistication.

For federal agencies, understanding the implications and requirements of Executive Order 14028 is crucial. This blog aims to break down the key provisions of the order, highlight what federal agencies need to do to comply, and explain the broader significance for the U.S. government’s cybersecurity strategy.

Key Provisions of Executive Order 14028

Executive Order 14028 is multifaceted, with several key directives aimed at strengthening the cybersecurity infrastructure of federal agencies. These include:

  1. Improved Cybersecurity Incident Reporting
    The order mandates that federal agencies enhance their ability to detect and respond to cybersecurity incidents. It requires agencies to implement capabilities for sharing cyber threat information more rapidly. Additionally, it establishes a standardized process for reporting cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA), which will act as the central hub for coordinating responses.
  2. Zero Trust Architecture
    A major component of the order is the push towards adopting Zero Trust Architecture (ZTA) across federal networks. This security model assumes that no device or user is inherently trusted, regardless of location. By continuously verifying access requests, agencies can significantly reduce the risks of cyber intrusions and minimize potential damage from data breaches.
  3. Enhancing Supply Chain Security
    The order acknowledges the growing threats posed by vulnerabilities in the software supply chain, exemplified by high-profile incidents such as the SolarWinds hack. Agencies are directed to implement software bills of materials (SBOMs) and improve software security across the federal procurement process. This means agencies must prioritize secure coding practices, conduct vulnerability assessments, and ensure that software vendors meet rigorous security standards.
  4. Enhanced Endpoint Detection and Response (EDR)
    Federal agencies are required to implement endpoint detection and response tools on all government networks. These tools are vital for detecting malicious activity at the device level and for providing ongoing monitoring to quickly identify and address emerging threats.
  5. Collaboration with the Private Sector
    The order encourages stronger collaboration between the public and private sectors, especially regarding the sharing of cyber threat information. Given the vast number of private sector entities that support the government’s infrastructure, this partnership is essential to identify, mitigate, and respond to cyber threats effectively.
  6. Cybersecurity Training and Workforce Development
    A skilled workforce is one of the most crucial components of a robust cybersecurity strategy. Executive Order 14028 emphasizes the need for agencies to invest in cybersecurity training, upskilling, and creating a diverse, skilled workforce that can address emerging cyber threats.
  7. Implementation of Security Measures on Federal IT Systems
    The order directs federal agencies to review and update their IT systems’ security frameworks, ensuring they are equipped to defend against evolving threats. The implementation of these measures will improve overall network resilience and help agencies better prepare for future cyberattacks.

What Federal Agencies Need to Do

Federal agencies must align their cybersecurity policies with the directives outlined in Executive Order 14028. Some specific actions agencies should take include:

  • Review and Update Cybersecurity Frameworks
    Agencies should conduct comprehensive audits of their cybersecurity policies, identifying areas where they fall short of the order’s provisions. Agencies will need to make necessary adjustments to their incident response plans, IT infrastructures, and security protocols to ensure compliance.
  • Invest in Zero Trust Architecture
    Implementing a Zero Trust model is a significant shift in the way agencies handle cybersecurity. Federal agencies must begin the process of transitioning to ZTA by enhancing access controls, deploying identity and authentication systems, and continuously monitoring network traffic to detect anomalies.
  • Work with Vendors to Strengthen Software Supply Chain Security
    Agencies must partner with software vendors to ensure that software products meet minimum security standards, including the use of SBOMs. Ensuring that third-party software is secure and regularly updated is essential to mitigate vulnerabilities within the federal supply chain.
  • Enhance Incident Response and Reporting Protocols
    Agencies need to update their cybersecurity incident response protocols to align with the reporting requirements of CISA. This includes making sure that agency personnel are trained in recognizing cyber threats and following proper reporting procedures to ensure swift responses.
  • Focus on Workforce Development
    Building a capable cybersecurity workforce is crucial. Agencies should consider investing in both ongoing training for current employees and developing strategies to recruit skilled cybersecurity professionals. In addition to technical skills, agencies should also emphasize the importance of a culture of security across all levels of the workforce.
  • Implement Endpoint Detection Tools
    Federal agencies must deploy EDR systems to protect all endpoints within their network. These systems will help agencies monitor and respond to potential security incidents before they escalate.
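Both the "Enhancing Supply Chain Security" provision and the "Work with Vendors" action above turn on agencies actually receiving usable SBOMs from vendors. The following is an added example, not code from the order or from any agency, of the kind of intake check a procurement or security team could run on a vendor-supplied SBOM before accepting it: it parses a CycloneDX-style JSON document (a constructed sample is embedded) and reports every component that lacks a name, version, package URL or content hash, since a component without those fields cannot be matched against vulnerability data. The field names follow the public CycloneDX JSON layout; the acceptance rule itself is a hypothetical policy chosen for illustration.

```python
"""Minimal SBOM completeness check (added example, not from the post).

Walks a CycloneDX-style JSON SBOM and reports components that lack the
fields needed to match them against vulnerability advisories: a name, a
version, a package URL (purl) and at least one content hash. The SBOM below
is constructed for illustration; the acceptance rule is a hypothetical
intake gate, not any agency's actual process.
"""
import json

# Fields every component must carry for the SBOM to be usable downstream.
REQUIRED_FIELDS = ("name", "version", "purl")

# Constructed sample: one complete component, one without a hash, one with
# almost nothing filled in.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"name": "example-app", "version": "2.1.0"}},
    "components": [
        {"name": "libfoo", "version": "1.4.2",
         "purl": "pkg:generic/libfoo@1.4.2",
         "hashes": [{"alg": "SHA-256", "content": "00" * 32}]},
        {"name": "libbar", "version": "0.9.0",
         "purl": "pkg:generic/libbar@0.9.0"},   # no content hash
        {"name": "libbaz"},                        # no version, purl or hash
    ],
})


def check_sbom(sbom_text):
    """Return a list of (subject, problem) findings; an empty list means the
    SBOM satisfies the hypothetical intake rule."""
    doc = json.loads(sbom_text)
    findings = []

    # Document-level checks: format, the product it describes, and that it
    # lists anything at all.
    if doc.get("bomFormat") != "CycloneDX":
        findings.append(("document", "bomFormat is not CycloneDX"))
    if not doc.get("metadata", {}).get("component"):
        findings.append(("document", "metadata.component (described product) is missing"))
    components = doc.get("components", [])
    if not components:
        findings.append(("document", "no components listed"))

    # Component-level checks: identity fields plus at least one usable hash.
    for idx, comp in enumerate(components):
        label = comp.get("name") or f"component[{idx}]"
        for field in REQUIRED_FIELDS:
            if not comp.get(field):
                findings.append((label, f"missing {field}"))
        hashes = comp.get("hashes") or []
        if not any(h.get("alg") and h.get("content") for h in hashes):
            findings.append((label, "no content hash"))
    return findings


def sbom_is_acceptable(sbom_text):
    """True only when the check produces no findings."""
    return not check_sbom(sbom_text)


if __name__ == "__main__":
    for subject, problem in check_sbom(SAMPLE_SBOM):
        print(f"{subject}: {problem}")
    print("acceptable:", sbom_is_acceptable(SAMPLE_SBOM))
```

Run against the constructed sample, the check rejects the SBOM and names the two deficient components; a complete SBOM yields no findings. In practice the same gate would sit in front of whatever vulnerability-matching or inventory tooling the agency uses, so that incomplete vendor submissions are bounced back rather than silently producing gaps in coverage.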

The Broader Implications of Executive Order 14028

While Executive Order 14028 is primarily focused on the federal government, its effects will ripple out to the private sector and the broader cybersecurity community. The order provides a roadmap for how government agencies should approach cybersecurity and sets a new standard for security across federal networks.

In particular, the emphasis on supply chain security, Zero Trust, and incident reporting will likely influence private sector cybersecurity practices, especially for organizations that work with government entities or rely on government systems. By setting a high bar for government cybersecurity, Executive Order 14028 raises the stakes for all organizations involved in the nation’s critical infrastructure and services.

Conclusion

Executive Order 14028 is a forward-thinking approach to addressing the growing and ever-evolving cyber threats facing the nation. For federal agencies, compliance with this order is not just about following a mandate—it’s about strengthening the security of the federal government, improving coordination with the private sector, and protecting the country’s digital infrastructure.

By taking proactive steps to implement the measures outlined in the order, federal agencies will be better equipped to defend against cyberattacks, mitigate risks, and create a more secure digital environment for all Americans. Cybersecurity is no longer a passive requirement—it’s a crucial element of national security, and Executive Order 14028 sets the foundation for a more secure and resilient future.