What is the US Cybersecurity Executive Order?

Biden signs executive order to strengthen US cybersecurity, implementing new rules and regulations for the government to follow

Last week President Joe Biden signed an executive order that establishes the cybersecurity standards for all software sold to the federal government. The order also calls on all software utilised by the government to meet those standards within nine months.

The order follows several recent attacks, most recently a hack on the country's biggest pipeline, the Colonial Pipeline, that has seen fuel shortages and panic-buying across multiple states. Plus the software company SolarWind, whose software was hijacked to break into government agencies and steal thousands of officials’ emails.

“Today, more than ever, cybersecurity is a national security imperative and an economic imperative.  And I know I don’t need to say that, given what we’ve all just experienced in the last number of months,” says a senior administration official at the White House. 

 “So today’s executive order makes a down payment towards modernising our cyber defences and safeguarding many of the services on which we rely.  It reflects a fundamental shift in our mindset — from incident response to prevention, from talking about security to doing security — setting aggressive but achievable goals to make the federal government a leader in cybersecurity, and improve software security and incident response.”

What does the order include? 

According to the Fact Sheet issued by the White House, this Executive Order will:

  • Remove barriers to threat information sharing between government and the private sector
  • Modernise and implement stronger cybersecurity standards in the Federal Government
  • Improve software supply chain security
  • Establish a Cybersecurity Safety Review Board
  • Create a standard playbook for responding to cyber incidents
  • Improve detection of cybersecurity incidents on Federal Government networks
  • Improve investigative and remediation capabilities

The order also requires all government agencies to: 

  • Adopt multi-factor identification log-in systems within 180 days
  • Accelerate moves to the cloud and zero-trust frameworks
  • Decide which unclassified data is too sensitive to be kept in normal networks storage
  • Conduct more thorough reviews of critical software suppliers

It also states cyber-security vendors must report intrusions within 72 hours of discovery.

CompTIA, the nonprofit association for the information technology (IT) industry and workforce released a statement about Bidens order: "Our nation is at an inflection point in terms of cybersecurity policy, regulation, and legislation. The SolarWinds incident, Colonial Pipeline hack and scores of other cyberattacks that didn't make the headlines magnify the need for a national discourse on cybersecurity issues.

"As we continue to integrate emerging technologies into our federal cyber framework, it is essential to have a modernised architecture built on information sharing and real-time incident response. It is also a national imperative to move away from 'cyber shaming' agencies and private organisations that are victims of attacks. Instead, we should practice and promote more real-time information sharing about potential threats to create more 'noise' in the search for bad actors.” 

Share

Featured Articles

How Zscaler AI Innovation is Powering Data Protection

With its AI-powered Data Protection Platform, Zscaler is delivering cutting-edge innovations to provide comprehensive data security

How NetApp Unified Data Storage is Powering the AI Era

With powerful unified storage, NetApp is enabling organisations to accelerate AI innovation and unlock the full potential of their data assets

Tech & AI LIVE London – One Week to Go

Just one more week to go until Tech & AI LIVE returns to the virtual stage – May 21 2024

What Adam Selpisky’s Shock Departure Means for AWS

Digital Transformation

SAP & FC Bayern: Technology Drives Efficiency & Scalability

Digital Transformation

EY: Tech CEOs Double Down on Tech, Data & Cyber Investments

IT Procurement