In the aftermath of the recent Colonial Pipeline hack, which caused the shutdown of the United States’ largest pipeline system for refined oil products, President Joe Biden signed an executive order to help shore up the nation’s cybersecurity and protect government networks.
“Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals,” the White House said in a statement.
The Biden Administration noted that those breaches all highlighted “insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents.”
Biden’s order will take several actions in an effort to help improve the nation’s cyber defenses, including removing barriers to ensure that IT service providers can share information with the federal government, including mandating that they share information in the event of a breach.
The order will mandate the use of multifactor authentication and encryption for federal government systems, as well as allow the government to secure cloud services and a zero-trust architecture, which the National Cybersecurity Center of Excellence (NCCoE) says “treats all users as potential threats and prevents access to data and resources until the users can be properly authenticated and their access authorized.”
The order will establish a Cybersecurity Safety Review Board jointly chaired by the government and the private sector, create baseline security standards for development of software sold to the government, come up with a standardized playbook for the federal response to cyber incidents and improve the ability to detect malicious activity on government networks.
The Biden Administration acknowledged that actions of the federal government alone in responding to cyber incidents are not enough, and called on private sector companies “to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.”