X

White House to beef up cyberdefenses for National Security Agency, Defense Department

A new memorandum requires cybersecurity measures at intelligence-gathering organizations to match or exceed those of federal civilian networks.

Dan Avery Former Writer
Dan was a writer on CNET's How-To and Thought Leadership teams. His byline has appeared in The New York Times, Newsweek, NBC News, Architectural Digest and elsewhere. He is a crossword junkie and is interested in the intersection of tech and marginalized communities.
Expertise Personal finance, government and policy, consumer affairs
Dan Avery
2 min read
Laptop screen showing Matrix-like code

Government intelligence-gathering organizations will be required to report cyberattacks to the National Security Agency.

Chesnot/Getty Images

President Biden Joe Biden on Wednesday signed a memorandum to improve online security measures for the government's most sensitive computer networks.

Following an executive order signed last May, the new National Security Memorandum is intended to boost cybersecurity measures at the National Security Agency, the Department of Defense and other intelligence-gathering organizations, requiring them to match or exceed those of federal civilian networks.

The 17-page document "builds on the Biden Administration's work to protect our Nation from sophisticated malicious cyber activity, from both nation-state actors and cybercriminals," the White House said in a statement. "We are prioritizing and elevating cybersecurity like never before." 

It authorizes practices common in the business world -- like including encryption, cloud technologies and multifactor authentication -- for intelligence agencies and related contractors. It also requires affected organizations to report cyberattack incidents to the NSA, described as the "national manager" for the government's classified systems, and to develop tools to securely share data between classified and unclassified systems.

The NSA has been eager to close the cybersecurity gap for nearly a decade, following the leaks of thousands of classified documents by former contractor Edward Snowden in 2013, the Wall Street Journal reported.
Last week, White House officials met with top executives from Apple, Google, Microsoft, Red Hat, Oracle and other tech companies to discuss how to improve the security of open-source software in the wake of the discovery last month of Log4Shell, a massive security flaw in the Java-logging library Apache Log4j that left tens of millions of Web-connected devices vulnerable.  
While no federal agencies were compromised as a result of the Log4j flaw, Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, said it was the most serious she's seen in her career.  

"We do expect Log4Shell to be used in intrusions well into the future," Easterly told reporters earlier this month.