Joe Biden Signs Cyber Order To Shore Up Federal Security

President Joe Biden is trying to protect America’s cyberdefenses through a new executive order he signed Wednesday.

This new order comes in the wake of a cyberattack on Colonial Pipeline, a company that provides almost half of the jet fuel and gasoline for the U.S. East Coast. That ransomware attack forced the company to shut down its operations over the weekend, and exposed a huge hole in the cybersecurity of essential services.

Administration officials said the president has been working on this executive order for a few months, even though its signing coincided with the recent attack on Colonial Pipeline.

Through the new order, Biden hopes to strengthen the cybersecurity for all federal networks. The order also outlines new standards for security for all commercial software that’s used by the public and by businesses.

A fact sheet released with the executive order reads:

“Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.”

This is a new approach for the Biden administration, as a senior official told NPR. It “reflects a fundamental shift in our mindset from incident response to prevention, from talking about security to doing security.”

The executive order signed this week has a new series of requirements that companies that do business with the government must follow. It includes plans for additional systematic investigations of any cyber events, as well as set standards for development of software.

The idea behind the requirements is to use the federal contracting process to force specific changes that would, eventually, trickle down into the rest of the private sector.

In an exclusive interview with NPR, Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology, said:

“So essentially, federal government procurement allows us to say, ‘If you’re doing business with the federal government, here’s a set of things you need to comply with in order to do business with us.’”

Beyond just these new requirements, the Biden administration is considering a new pilot program that would provide standard ratings. It would be similar to the Energy Star rating that’s put on home appliances. It would allow consumers to know whether software they are purchasing or downloading was developed with the top security in mind.

As Neuberger said:

“We see small companies being forced to pay a ransom to get their business back up and running. You know, we see school systems’ networks down due to criminals. So, those risks touch everyday Americans’ lives, as well as at the national level.”

The new executive order requires all companies to report certain bits of information about any cyber breach. Security standards on all government networks will be updated, too. This includes a mandate for encryption and multi-factor authentication.

The order also creates a Cybersecurity Safety Review Board, which will analyze all incidents. It will be similar in nature to the National Transportation Safety Board, a group that reviews all plane crashes and incidents involving other modes of transportation.