Department of Homeland Security (DHS) Secretary Alejandro Mayorkas on March 31 offered some broad-brushed details about the Biden administration’s coming executive order on cybersecurity.
Speaking at a virtual event hosted by RSA, Mayorkas said in his prepared remarks that the coming executive order will contain “nearly a dozen actions,” and will focus on topics including improved threat detection, information sharing, security modernization, Federal procurement, and Federal incident response.
“The Federal government must lead by example at a time when the stakes are so high,” Mayorkas said, adding, “More details will be shared soon.”
Guiding Principles
Mayorkas also discussed five principles “that will guide our work in this area moving forward” to implement the administration’s cybersecurity strategy. Those include:
- Taking into account the “broader geopolitical context and democratic backsliding that is happening around the world” and the use of cybersecurity as a pretext to infringe on civil liberties and human rights, Mayorkas said. “Make no mistake: a free and secure cyberspace is possible, and we will champion this vision with our words and actions,” he said.
- Cyber defense goes hand in hand with resilience, and thus “bold and immediate innovations, wide-scale investments, and raising the bar of essential cyber hygiene are urgently needed to improve our cyber defends,” he said. “We need to prioritize investments inside and out of government accordingly.”
- Taking a risk-based approach to security, he said, is key to allocating limited resources and maximizing the impact of cyber defenses. “A fact-based framework needs to guide the assessment of risk at home and abroad,” he said.
- Improving collaboration between the government and private sector on cyber defense and threat data sharing is essential, he said. “If actionable, timely, and bidirectional information is not distributed quickly, malicious cyber actors will gain the advantage of more time to burrow into systems and inflict damage,” he said.
- “The final principle,” he said, “is to integrate diversity, equity, and inclusion – or DEI – throughout every aspect of our work. Mayorkas said that principle requires recruitment, development, and retention of diverse talent, and equal access to professional development opportunities to “to fill the current half million cyber vacancies across our country and to prevent future shortages that threaten our ability to compete.”