President Biden signed a national security memorandum on Wednesday that sets new cybersecurity requirements for sensitive national security systems run by the Pentagon, intelligence community and other federal agencies.
The memorandum lays out how Biden’s May executive order on federal government cybersecurity applies to national security systems controlled by government agencies, stating that national security systems should at minimum have the same security protection as federal civilian networks under that order.
The memorandum requires these agencies to prioritize resources to adopt and use cloud technology. It also directs agencies to implement multi-factor authentication and encryption for most national security systems within 180 days of its signing.
It also requires affected agencies to report suspected breaches of national security systems to the National Security Agency (NSA) and requires the NSA in coordination with DNI and CIA to establish plans for reporting such suspected compromises.
The memo empowers NSA to issue binding directives to agencies to take action to mitigate a potential cyber threat or vulnerability.
Additionally, it orders the NSA, CIA, FBI, Defense Department branches and the intelligence community to develop a framework to better coordinate on cybersecurity and incident response efforts on national security cloud technologies.
The new memorandum is a product of Biden’s May 12 executive order, which mandates the federal government to adopt requirements for national security systems within 60 days.
Biden signed the sweeping executive order last year following major cyberattacks, including the SolarWinds hack in which Russian state-sponsored hackers gained access to nine federal agencies and dozens of private sector organizations. The SolarWinds breach occurred under the Trump administration.
“Modernizing our cybersecurity defenses and protecting all federal networks is a priority for the Biden Administration, and this National Security Memorandum raises the bar for the cybersecurity of our most sensitive systems,” reads a White House fact sheet accompanying Wednesday’s memorandum.
Sen. Mark Warner (D-Va.), who chairs the Senate Intelligence Committee, commended Biden’s latest action in a statement and urged Congress to pass bipartisan legislation that would require owners and operators of critical infrastructure to report breaches to the federal government within 72 hours.
Updated 1:01 p.m.