Following a string of sweeping cyberattacks on private corporations and federal government networks during the past year, President Joe Biden signed an executive order to improve U.S. cybersecurity protections on Wednesday, May 12.
Biden’s order to modernize national cyberdefenses seeks to deter breaches by defining minimum requirements that agencies and suppliers must follow, such as encryption and multifactor authentication. Government contractors would also be expected to notify officials as soon as a cybersecurity violation occurs.
On an evening call with reporters, a senior administration official said the cyberorder had been in the works since week two of Biden’s presidency.
“Today’s executive order makes a down payment towards modernizing our cyberdefenses and safeguarding many of the services on which we rely. It reflects a fundamental shift in our mindset from incident response to prevention, from talking about security to doing security,” said the official.
Although the order would not specifically address facilities owned by companies like Colonial Pipeline, the White House stated that specific provisions could affect broader business regulations.
Colonial Pipeline, the most extensive pipeline system for refined oil products in the U.S., has dealt with a devastating ransomware assault, resulting in massive fuel shortages throughout the East Coast and sparking a full-scale government intervention.
According to two people familiar with the investigation, hackers seized about 100 gigabytes of data from the company’s networks in just two hours before encrypting the machines with ransomware and demanding payment. DarkSide, a ransomware team, is suspected of being behind the attack.
The Colonial Pipeline hack is only the most recent case of terrorist gangs or state agents taking advantage of cyber vulnerabilities in the United States. Last year, hackers gained access to correspondence and documents in many government departments.
Since taking office, the Biden administration has faced a slew of high-profile cyberattacks, including the Russian intelligence-led SolarWinds hack and another involving Chinese hackers exploiting bugs in Microsoft email apps.
The new executive order also creates a cybersecurity incident control commission, which will be conducted by representatives from both the public and private sectors.
The latest directive will work together to protect the cyber landscape from potential threats. By forcing all government transactions to follow the new requirements within nine months and exchange security data regularly, the aim is to raise demand for stable applications.
The administration official stated, “We’re going to use the power of federal procurement to jump-start this market because everything we buy has to be built securely. We’d never buy a family minivan knowing it could have potentially fatal defects or with the expectation of recalls.”
The order will increase the government’s ability to track infringements quickly, such as when a Russian spy agency attacked the software firm SolarWinds. The general system will tunnel through nine federal departments, technology companies, and utilities through the firm’s upgrade feature.