What is the US Cybersecurity Executive Order?

Biden signs executive order to strengthen US cybersecurity, implementing new rules and regulations for the government to follow

Last week President Joe Biden signed an executive order that establishes the cybersecurity standards for all software sold to the federal government. The order also calls on all software utilised by the government to meet those standards within nine months.

The order follows several recent attacks, most recently a hack on the country's biggest pipeline, the Colonial Pipeline, that has seen fuel shortages and panic-buying across multiple states. Plus the software company SolarWind, whose software was hijacked to break into government agencies and steal thousands of officials’ emails.

“Today, more than ever, cybersecurity is a national security imperative and an economic imperative.  And I know I don’t need to say that, given what we’ve all just experienced in the last number of months,” says a senior administration official at the White House. 

 “So today’s executive order makes a down payment towards modernising our cyber defences and safeguarding many of the services on which we rely.  It reflects a fundamental shift in our mindset — from incident response to prevention, from talking about security to doing security — setting aggressive but achievable goals to make the federal government a leader in cybersecurity, and improve software security and incident response.”

What does the order include? 

According to the Fact Sheet issued by the White House, this Executive Order will:

  • Remove barriers to threat information sharing between government and the private sector
  • Modernise and implement stronger cybersecurity standards in the Federal Government
  • Improve software supply chain security
  • Establish a Cybersecurity Safety Review Board
  • Create a standard playbook for responding to cyber incidents
  • Improve detection of cybersecurity incidents on Federal Government networks
  • Improve investigative and remediation capabilities

The order also requires all government agencies to: 

  • Adopt multi-factor identification log-in systems within 180 days
  • Accelerate moves to the cloud and zero-trust frameworks
  • Decide which unclassified data is too sensitive to be kept in normal networks storage
  • Conduct more thorough reviews of critical software suppliers

It also states cyber-security vendors must report intrusions within 72 hours of discovery.

CompTIA, the nonprofit association for the information technology (IT) industry and workforce released a statement about Bidens order: "Our nation is at an inflection point in terms of cybersecurity policy, regulation, and legislation. The SolarWinds incident, Colonial Pipeline hack and scores of other cyberattacks that didn't make the headlines magnify the need for a national discourse on cybersecurity issues.

"As we continue to integrate emerging technologies into our federal cyber framework, it is essential to have a modernised architecture built on information sharing and real-time incident response. It is also a national imperative to move away from 'cyber shaming' agencies and private organisations that are victims of attacks. Instead, we should practice and promote more real-time information sharing about potential threats to create more 'noise' in the search for bad actors.” 

Share

Featured Articles

Rich investors drawn to digital assets despite crypto crash

The world’s wealthiest people are sold on the concept of digital assets, as a new survey shows they are being used to construct more resilient portfolios

Five minutes with: Katie Nykanen, Group CTO at QA

Katie Nykanen, CTO at QA, on being a role model for girls and young women and her hopes for the future

Big business bets on real-time data and event-streaming tech

By 2025, 90 per cent of the world’s largest companies will use real-time intelligence to improve customer experience and other areas, new research predicts

Mind your language: Is NLP a natural fit for the Metaverse?

AI & Machine Learning

Cyberattacks make a big difference to manufacturing profits

Cloud & Cybersecurity

ICYMI: Space blockchains and 6G predictions for the future

Digital Transformation