US President signs executive order to build-up U.S. Cyber Security -defenses

shape
shape
shape
shape
shape
shape
shape
shape

President Joe Biden has signed an executive order which aims to strengthen the country’s cyber stance, threat intelligence sharing, and cyberattack response efforts. The action comes as the country’s largest fuel pipeline was forced to shut down due to a ransomware attack which led to widespread fuel shortages along the East Coast and prompted an all-of-government response.

The Colonial Pipeline hack is only the latest in a long chain of cyber attacks on the country’s private companies and government agencies. Just last year, software company Solar Winds was a victim of a cyberattack that spread to its clients and went undetected for months. The hackers were able to use the hack to spy on top private companies and various government agencies including the Department of Homeland Security and Treasury Department.

The executive order is the latest step by the Biden administration to strengthen the country’s overall cyber posture. 

Biden’s executive order takes several steps aimed at strengthening the nation’s cybersecurity:

  • Requires IT service providers to tell the government about cybersecurity breaches that could impact U.S. networks, and removes certain contractual barriers that might stop providers from flagging breaches.
  • Creates a standardized playbook and set of definitions for federal responses to cyber incidents.
  • Pushes the federal government toward upgrading to secure cloud services and other cyberinfrastructure, and mandates the deployment of multifactor authentication and encryption with a specific time period.
  • Improves security of software sold to the government, including by making developers share certain security data publicly.
  • Establishes a “Cybersecurity Safety Review Board” comprising public- and private-sector officials, which can convene after cyber attacks to analyze the situation and make recommendations.
  • Improves info-sharing within the federal government by enacting a government-wide endpoint detection and response system.

News of the president’s action came about an hour after Colonial announced it had restarted pipeline operations. The cybersecurity experts welcome this move by the government, though many suggest it should have come earlier.