As reported by The Wall Street Journal, the memorandum mandates that cybersecurity practices and standards like two-factor authentication (2FA) and encryption will be required to protect the country’s national security systems. This means that the Defense Department, intelligence agencies like the FBI and federal contractors will need to upgrade their security if they haven’t done so already.
Essentially, President Biden’s new memorandum ensures that national security agencies adhere to the cybersecurity standards established for civilian agencies laid out in an executive order signed last May. These agencies will also need to implement a number of cybersecurity protocols such as using certain cloud-based technologies and software capable of detecting security problems on their networks.
Binding operational directives
The lengthy memorandum also authorizes the NSA to issue binding operational directives that will require agencies and organizations operating national security system to take additional efforts to guard against both known and potential cybersecurity threats.
The US Department of Homeland Security (DHS) also has the power to issue binding operational directives that apply to civilian government networks. In fact, back in December, it used this power to order agencies to mitigate the Log4Shell vulnerability in Apache’s Log4J software.
Binding operational directives issued by the NSA could require other government agencies to take steps like patching their systems immediately, taking systems offline or uninstalling software that seen as potentially dangerous just like the Trump administration did with Kaspersky’s antivirus software back in 2017.
At the same time, the memorandum will require US defense and intelligence agencies to further secure the tools they use to share data between classified and unclassified systems.
Hopefully, the NSA’s new cybersecurity power will prevent US government agencies from falling victim to further data and security breaches going forward.