Biden’s Cybersecurity Executive Orders Will Affect MSPs, MSSPs

Published on August 4th, 2021


“You will be required” to meet standards. Find out what Fortalice’s Theresa Payton had to say in a ChannelCon Q&A.

COMPTIA CHANNELCON — Look out, managed service and managed security service providers: new requirements related to the Biden Administration’s recent cybersecurity executive orders “will be coming your way.”

That’s the word from Theresa Payton, keynote speaker at CompTIA’s virtual ChannelCon event and president and CEO of Fortalice Solutions.

On Wednesday morning, Payton conducted an exclusive Q&A with attendees at the virtual gathering. Most of the inquiries came from MSPs and MSSPs concerned about leveling up their security postures. With that in mind, one MSP wanted to know how cybersecurity executive orders – one issued in May, another signed late last month – could affect his business.

As a refresher, both orders stem from cyberattacks on private companies and federal government networks since 2020. Hackers ramped up their efforts during the pandemic — and show no signs of relenting. After breaches hit SolarWinds and the Colonial Pipeline (and before Kaseya and others), Biden this year has moved to batten down the country’s cybersecurity hatches.

For example, the order from May comes with several requirements. Among those mandates, government agencies and departments must “make bold changes and significant investments” in zero-trust architecture, software standards and more.

The similar, separate order from July sets performance standards for technology and systems used by private companies in food, energy, power and water. However, the feds cannot force compliance.

At least, they can’t right now. That will change, Payton said.


“Depending on what industry you’re in, chances are, you have a regulator of some sort,” she explained. “So, this will turn into activities you will be required to do.”

MSPs need to plan for that eventuality, although there’s no clear timeline.





“How this turns into legislation, and a potentially onerous checklist for all of you, I’m concerned,” Payton said. “Executive orders serve a really wonderful purpose but sometimes there’s a one-size-fits-all approach.”

‘Have Your Voices Heard’

That can mean an MSP must spend thousands of dollars proving compliance — something no business wants to do. To possibly help avoid that outcome, Payton encouraged ChannelCon attendees to participate in public comment windows.

“OMB pays attention, the Hill pays attention,” she said.

Payton would know. She served as the first female CIO of the White House during the George W. Bush years.

“Have your voices heard,” she added.

Another way MSPs and their clients can do that is by talking with elected officials.

“Many times there’s a lot of turnover in staff and not enough understanding around cybersecurity,” Payton said.

And that translates into an ongoing, problematic conventional wisdom, she said — “that penalties are the way to go.”

“I would like to see us help change …
