Amanda Khatri
Editorial Manager
Regulatory Risk Management: How will Executive Order 14028 change the cybersecurity landscape?
Executive Order 14028 steps up regulatory risk management in the US, with a focus on improving national security. It follows a growing number of cyber-attacks on Federal Agencies in recent years, most prominently the US voters database exposure.
Executive Order 14028 aims to standardise cyber protocols across every Federal Agency and to create guidelines for hiring contractors. It proposes a new regulatory risk management framework to protect national security and interests.
What’s the need for increased regulatory risk management?
The state of cybersecurity in America is dire. With increasing cyber-attack attempts and emerging techniques, many companies feel blindsided by the generic and deficient advice available to them. What’s more, the technology and techniques behind these threats are growing ever more sophisticated.
In Federal agencies particularly, there is a complete lack of guidelines for identification, detection, and prevention. Likewise, security leaders feel vulnerable because of their inflexible systems and slow response times.
Since 2001, the financial impact of cybercrime attacks has increased from $17.8 billion to $103 billion. It’s no surprise, then, that over $10.8 billion was pledged from the US budget towards fighting cybercrime this year.
What’s the scope of Executive Order 14028?
Executive Order 14028 has three main components for regulatory compliance:
- Prevent barriers to threat information sharing
- Modernise the approach to cybersecurity with cloud technology mandates
- Establish a cybersecurity review board
Prevent barriers to threat information sharing
One of the largest obstacles to progress in the anti-fraud industry right now is contractual limitations. In particular, cross-company sharing is restricted, as is the extent to which federal agencies and contractors are allowed to make cyber threat data public. This follows standard operational risk protocols and is likely to have been decided under a risk assessment.
However, Executive Order 14028 aims to remove information-sharing barriers and mandate an open channel. This means that companies subjected to cyber-attacks must report incidents and provide details.
This new approach aims to strengthen the collective fight against fraudsters and hackers. Sharing in a secure channel should also allow for continued best practices in operational risk management. With better communication between Federal Agencies, firms can work with more detail and be better prepared for security threats.
Modernise the approach to cybersecurity with cloud technology mandates
Executive Order 14028 will enforce the use of cloud technology across Federal agencies. Right now, many of these agencies rely on vulnerable legacy programs to store their important records.
Not only do these programs increase the risk of a cybersecurity incident, but they are typically very slow and cumbersome. It’s like trying to complete an internal audit without an intuitive program: very manual.
Instead, the implementation of cloud technology should raise the general level of security and improve overall efficiency across different departments. Even regulatory reporting is likely to become quicker, since cloud technology makes use of automation.
Moreover, a commitment to cloud technology will make information sharing between agencies and financial services easier. By placing great emphasis on the introduction of cloud technology, Executive Order 14028 is likely to strengthen security for Federal Agencies.
Establish a cybersecurity review board
Finally, Executive Order 14028 aims to improve the nation’s security by developing a review board, with members from the Office of Management and Budget (OMB), Secretary of Defense and Director of National Intelligence (DNI).
This panel is expected to meet regularly and make recommendations for the ongoing security best practices of the nation in the face of rising cybersecurity incidents. Moreover, Biden has asked the board to create a standard procedure for incident reporting and a playbook for a response. This is likely to form the bulk of regulatory requirements in time.
The panel will develop a standard set of contractor requirements. It should provide a guideline for compliance (and the prevention of financial crime) moving forward, for both Federal Agencies and their third-party contractors.
How is Executive Order 14028’s regulatory risk management expected to change things for national cybersecurity?
The primary benefit of introducing Executive Order 14028 in the United States is preventing future breaches by increasing information sharing. Even as technology evolves, this framework should provide a robust basis for increasing industry awareness and responding to all types of threats. Increased internal controls should strengthen corporate governance and responsibility, reduce manual processes and facilitate risk mitigation.
Moreover, Executive Order 14028 aims to protect the integrity of both Federal agencies and the security of the public. Research shows that there is a significant knowledge gap in the public sector. Therefore, Executive Order 14028 should provide guidance in regulatory risk management.
Finally, we expect that this order should make it easier to evaluate and compare potential contractors. With a set protocol on how to ward off security threats, Federal Agencies are given the tools to stand up to threats.
Who must comply with Executive Order 14028?
So far, it seems that only Federal Agencies will have to develop their regulatory risk management frameworks to comply with Executive Order 14028. However, as things progress, their contractors will quickly be required to comply with the regulation too. In time, it’s not out of the question that the cybersecurity standards will apply to public companies, so it’s important to get future-ready.
CUBE can help you implement flexible compliance solutions into the regulations that govern your business. Our RegPlatform uses horizon-scanning technology to provide a market-leading platform to clients. Benefit from purpose-built modules tailored towards your exact regulatory risk management needs.
Request a demo to see for yourself how CUBE can help you.