Dating back to SolarWinds — the fallout from which started a few months before his administration — and continuing through the Microsoft Exchange hacking and the Colonial Pipeline shutdown, the Biden administration has been beset with wall-to-wall cybersecurity crises. Today, President Joe Biden signed an executive order to fight back.
The long-awaited executive order has been in the works since the first weeks of the presidency.
“Today’s executive order makes a down payment towards modernizing our cyber defenses and safeguarding many of the services, on which we rely,” a senior administration official told reporters.
The executive order operates within the federal government and uses some of its buying power to influence broader private sector practices. Regarding the government, it encourages federal systems to invest in secure cloud services, detection and zero-trust architecture, and mandates multifactor authentication, logging, and encryption. The order creates a standard playbook for agencies to respond to breaches.
The order intersects with the private sector by extending requirements to federal suppliers, including notifying the government of breaches that could impact national security and setting minimum security standards for software sold to the government. It also creates a public/private review board to deconstruct and learn from major cyber incidents the way the National Transportation Review Board investigates plane crashes. The review board would be chaired by private sector representatives to show the administration’s intent to work with and not against industry.
Congress is currently mulling a similar requirement for all companies, not just ones with federal clients, to notify the government of breaches that could impact national security. The administration official told reporters the executive order gives the Hill an “opportunity to say which of these [ideas] should be applied more broadly.”
Source: SC Media