What is the US Cybersecurity Executive Order?

Biden signs executive order to strengthen US cybersecurity, implementing new rules and regulations for the government to follow

Last week President Joe Biden signed an executive order that establishes the cybersecurity standards for all software sold to the federal government. The order also calls on all software utilised by the government to meet those standards within nine months.

The order follows several recent attacks, most recently a hack on the country's biggest pipeline, the Colonial Pipeline, that has seen fuel shortages and panic-buying across multiple states. Plus the software company SolarWind, whose software was hijacked to break into government agencies and steal thousands of officials’ emails.

“Today, more than ever, cybersecurity is a national security imperative and an economic imperative.  And I know I don’t need to say that, given what we’ve all just experienced in the last number of months,” says a senior administration official at the White House. 

 “So today’s executive order makes a down payment towards modernising our cyber defences and safeguarding many of the services on which we rely.  It reflects a fundamental shift in our mindset — from incident response to prevention, from talking about security to doing security — setting aggressive but achievable goals to make the federal government a leader in cybersecurity, and improve software security and incident response.”

What does the order include? 

According to the Fact Sheet issued by the White House, this Executive Order will:

  • Remove barriers to threat information sharing between government and the private sector
  • Modernise and implement stronger cybersecurity standards in the Federal Government
  • Improve software supply chain security
  • Establish a Cybersecurity Safety Review Board
  • Create a standard playbook for responding to cyber incidents
  • Improve detection of cybersecurity incidents on Federal Government networks
  • Improve investigative and remediation capabilities

The order also requires all government agencies to: 

  • Adopt multi-factor identification log-in systems within 180 days
  • Accelerate moves to the cloud and zero-trust frameworks
  • Decide which unclassified data is too sensitive to be kept in normal networks storage
  • Conduct more thorough reviews of critical software suppliers

It also states cyber-security vendors must report intrusions within 72 hours of discovery.

CompTIA, the nonprofit association for the information technology (IT) industry and workforce released a statement about Bidens order: "Our nation is at an inflection point in terms of cybersecurity policy, regulation, and legislation. The SolarWinds incident, Colonial Pipeline hack and scores of other cyberattacks that didn't make the headlines magnify the need for a national discourse on cybersecurity issues.

"As we continue to integrate emerging technologies into our federal cyber framework, it is essential to have a modernised architecture built on information sharing and real-time incident response. It is also a national imperative to move away from 'cyber shaming' agencies and private organisations that are victims of attacks. Instead, we should practice and promote more real-time information sharing about potential threats to create more 'noise' in the search for bad actors.” 

Share

Featured Articles

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

TECH LIVE LONDON: Begins tomorrow at 10am!

Our marquee technology event is nearly here. There's still time to claim your free ticket (worth £295). Look forward to welcoming you to the Tobacco Dock!

Executive Q&A: Marc Lueck, CISO EMEA, Zscaler

As we prepare to welcome the Zero Trust leaders to TECH LIVE LONDON this June 23-24, we take the opportunity to chat to Zscaler CISO of EMEA, Marc Lueck

TECH LIVE LONDON: Registering, networking and logistics

Digital Transformation

New speaker from Infosys announced for TECH LIVE LONDON!

Digital Transformation

New speaker from Bernadette announced for TECH LIVE LONDON!

Digital Transformation