Joe Biden Signs Executive Order to Boost Cybersecurity

The order will increase the amount of shared information on cyberattacks and aims to improve government cybersecurity practices. The order comes just days after Colonial Pipeline temporarily closed due to a cyberattack.

(TNS) — President Joe Biden on Wednesday signed an executive order intended to strengthen U.S. cybersecurity through the sharing of information on attacks and adopting better practices throughout the government, as administration officials urged the private sector to build more secure software.

The order had been in the works for months, but it comes after a hack of Colonial Pipeline Co. forced the company to cut off the flow of fuel to much of the U.S. East Coast last Friday, leading to gasoline shortages and filling stations running out.

Colonial said Wednesday evening that the pipeline was returning to service.

A senior administration official told reporters on a conference call that the order only makes a down payment toward modernizing cyberdefenses, and stressed that the White House wants to focus on secure software development on building more secure software products for Americans.

All the software the federal government buys must meet the new standards within nine months, the official said, adding that the improvements in the federal government will be rolled out within six months.

And IT service providers that experience a hack will have new rules for sharing details about the incident, within specific timelines based on a sliding scale on the severity of the incident, added the official, who was granted anonymity to discuss the order.

The attacks on Colonial and one carried out last year on SolarWinds Corp., which compromised popular software to break into several government agencies and dozens of private companies, underscored the vulnerability of both government and private networks.

“Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity,” the White House said in a Wednesday release outlining the order. “These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents.”

But officials, speaking on condition of anonymity, said that if all the provisions in the order had been in place already, it might not have prevented the attack on SolarWinds or the Colonial Pipeline.

The order requires companies that work with the U.S. government to meet certain software standards, as well require improvements for federal agencies’ basic security practices, including mandating data encryption and two-factor authentication, the official said.

The White House intends to create a cybersecurity incident review board that would investigate attacks.

The hackers stole almost 100 gigabytes of data from Colonial Pipeline’s networks in just two hours, before locking its computers with ransomware and demanding payment, according to two people familiar with the investigation.

As a result of the shutdown of Colonial — North America’s largest petroleum pipeline — gasoline shortages spread across the U.S. South after motorists raced to fill their tanks.


©2021 Bloomberg L.P. Distributed by Tribune Content Agency, LLC
Special Projects
Sponsored Stories
Sponsored
GHD identified four themes critical for municipalities to address to reach net-zero by 2050. Will you be ready?
Sponsored
As more state and local jurisdictions have placed a priority on creating sustainable and resilient communities, many have set strong targets to reduce the energy use and greenhouse gases (GHGs) associated with commercial and residential buildings.
Sponsored
As more people get vaccinated and states begin to roll back some of the restrictions put in place due to the COVID-19 pandemic — schools, agencies and workplaces are working on a plan on how to safely return to normal.
Sponsored
The solutions will be a permanent part of government even after the pandemic is over.
Sponsored
See simple ways agencies can improve the citizen engagement experience and make online work environments safer without busting the budget.
Sponsored
Whether your agency is already a well-oiled DevOps machine, or whether you’re just in the beginning stages of adopting a new software development methodology, one thing is certain: The security of your product is a top-of-mind concern.
Sponsored
The World Economic Forum predicts that by 2022, over half of the workforce will require significant reskilling or upskilling to do their jobs—and this data was published prior to the pandemic.
Sponsored
Part math problem and part unrealized social impact, recycling is at a tipping point. While there are critical system improvements to be made, in the end, success depends on millions of small decisions and actions by people.
Sponsored
Government legal professionals are finding Lexis+ Litigation Analytics from LexisNexis valuable for understanding a judge’s behavior and courtroom trends, knowing other attorneys’ track records, and ensuring success in civil litigation cases.