In response to the unprecedented software supply chain attacks to SolarWinds and Microsoft in 2020 and 2021, the Executive Branch issued a major directive on cybersecurity policy: EO 14028. The EO requires US federal agencies to adopt specific strategies and technologies to modernize and harden their infrastructure. In so doing, the agencies are to serve as an example to the private sector. The EO places particular emphasis on capabilities such as EDR, XDR, MFA, and Zero Trust architecture solutions that can support organizations in everything from endpoint and network protection to cloud modernization to encryption.
The question remains, however: How do various nations’ government agencies and critical infrastructure providers perceive the need for the advanced cyber defenses, standards and practices such as those called for in the US EO, and how do they compare in their progress towards implementing them? Based on research conducted in the US, UK, France, Germany, India, Australia and Japan, this report explores the progress required to protect these entities from cyber-attacks, the perception of the requirements demanded by the US EO among US organizations, and the general state of relations between national governments and critical infrastructure providers on cybersecurity matters.