Megan Brown Featured Prominently in Article on Biden’s Cybersecurity Executive Order

May 25, 2021

Megan L. Brown, partner in Wiley’s Privacy, Cyber & Data Governance, National Security, and Telecom, Media, & Technology practices, was quoted extensively by Inside Cybersecurity in today’s article about President Biden’s recent Executive Order (EO) on Improving the Nation’s Cybersecurity.

As Inside Cybersecurity reported, the EO will direct the Biden Administration’s policies on the security of federal networks, software security including product labeling, and information sharing, among other issues. Ms. Brown co-authored a Wiley alert on the EO on May 13.

“The EO is chock full of regulatory activity that will be subject to little, or very compressed, public input,” Ms. Brown told Inside Cybersecurity.

“Contractors that work with civilian agencies need to quickly consider how to monitor and react to proposals,” she explained. “In the rush to meet these deadlines, the government may lift aspects from the [Defense Department’s] model that may not make sense for the array of commercial vendors that work with civilian agencies.”

Regarding the requirement in the EO for federal agencies to remediate legacy software that does not meet the new cybersecurity standards, Ms. Brown said various agencies “will be churning on several core definitions from ‘critical software’ to ‘service provider.’ I see risk that the government overreaches on key definitions, and sets up software vendors for unrealistic requirements that apply without enough consideration of risk and context for different uses of software.”

“It may not be realistic to expect the government to evaluate and remove legacy software that does not meet new standards and guidelines,” she said.

To read the article, click here (subscription required).