President Biden has signed an Executive Order that seeks to modernize the cybersecurity defenses of the federal government and protect its networks from cyber threats. The Executive Order, which runs to 34 pages, seeks to improve the IT infrastructure of the Federal government to make it more resilient to cyberattacks, better prepare government agencies to allow a swift and effective response in the event of an attack, and improve information sharing between the government, law enforcement agencies, and the private sector.
The Executive Order comes a few weeks after several high profile cyberattacks that have impacted multiple government agencies, including the SolarWinds Orion supply chain attack, attacks on Microsoft Exchange servers, and the DarkSide ransomware attack on Colonial Pipeline.
The United States is facing increasingly sophisticated cyber threats from nation-state actors and cybercriminal organizations, and the success of those cyberattacks is, to a large part, due to a lack of appropriate cybersecurity defenses and poor preparation and response.
While the Executive Order seeks to improve the defenses of the Federal government, the recent cyberattack on Colonial Pipeline is a reminder that much of the nation’s critical infrastructure is owned and operated by the private sector. The Biden Administration is urging critical infrastructure owners and operators, and other private sector firms, to follow the lead of the Federal government in improving cybersecurity defenses to make it harder for cyberattacks to succeed, and to develop an incident response plan to minimize damage and disruption to operations in the event of a cyberattack.
The cyberattack on Colonial Pipeline is a good case in point. Following a ransomware attack on its IT infrastructure, the company was forced to shut down operational technology networks, which resulted in the fuel pipeline serving the East Coast being shut down for almost a week, severely disrupting the supply of gasoline, diesel and jet fuel. Colonial Pipeline reportedly paid a $5 million ransom to accelerate recovery.
The Executive Order on Improving the Nation’s Cybersecurity will be implemented in stages. Strict deadlines for each element of the Executive Order have been set, with the first requirements due to be implemented in a month and the remainder spread over the course of the next 12 months.
Key elements of the Executive Order are:
- The removal of barriers to threat information sharing between the government and private sector to make it easier for private sector companies to share threat intelligence and information about security breaches that could potentially impact Federal networks.
- Modernizing and implementing stronger cybersecurity standards in the Federal government, including adopting a zero-trust architecture, widespread deployment of multi-factor authentication and encryption, and an accelerated transition to secure cloud services.
- Improving software supply chain security by establishing baseline security standards for software sold to the U.S. government. This includes requiring developers to maintain greater visibility into their software solutions and making security data publicly available. A pilot “energy star” label program will be launched to allow the government, and the public, to easily determine whether software was developed securely.
- The creation of a Cybersecurity Safety Review Board which will include government and private sector leads. The Review Board will meet following significant cyber incidents to analyze what has happened and make recommendations to improve cybersecurity to prevent recurrences.
- Creation of a standard cyber incident response playbook. Departments and agencies must know in advance how they are required to respond in the event of a cyberattack, and must develop uniform steps to identify and mitigate threats.
- Improved monitoring and detection of cybersecurity incidents on Federal government networks, including enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government.
- Improved investigative and remediation capabilities, including requirements for detailed security event logs for federal departments and agencies to allow incidents to quickly be investigated and remediated.