White House releases National Security Memorandum which follows July’s Executive Order

US President Joe Biden during a news conference on January 19th, 2022. Photo: REUTERS/Kevin Lamarque

US President Joe Biden signed a National Security Memorandum (NSM) on Wednesday, introducing a new set of requirements meant to improve the cybersecurity of the US’s most sensitive networks.

Titled “Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems”, this NSM comes on the heels of the Executive Order on Improving the Nation’s Cybersecurity, signed by the president in May 2021.

“Cybersecurity is a national security and economic security imperative for the Biden Administration, and we are prioritizing and elevating cybersecurity like never before,” the White House said in a fact sheet released on Wednesday.

The NSM establishes a timeline as well as guidance on how various cybersecurity measures mentioned on the Executive Order will be implemented, including multifactor authentication, encryption, cloud technologies, Zero Trust architecture, and endpoint detection services.

In addition, agencies are now required to identify their national security systems and report cyber incidents to the National Security Agency (NSA) – which is now authorized to create binding operational directives requiring agencies to take actions to counter cybersecurity threats or vulnerabilities.

Since assuming office, President Biden’s MO has been to rally as many national allies as possible in order to create a joint, powerful coalition against cyber threats, whether backed by nation states or financially or otherwise motivated.

In June 2021, the G7 leaders pledged to fight ransomware and bolster collective cyber defenses. In October, some 30 countries gathered for a remote conference to stop ransomware.

In July, Biden issued an NSM establishing voluntary cybersecurity goals regarding critical infrastructure protection, such as implementing specific mitigation measures and developing cybersecurity contingency and recovery plans.