President Biden signed an Executive Order May 12 that is intended to improve the nation’s cybersecurity and protect federal government networks.
In releasing the order, the White House said that recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a “sobering reminder” that U.S. public and private sector entities increasingly face “sophisticated malicious cyber activity from both nation-state actors and cyber criminals.” It said these incidents share commonalities, including “insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents.”
The order aims to protect federal networks, improve information-sharing between the U.S. government and the private sector on cyber issues, and strengthen the United States’ ability to respond to incidents when they occur.
Advocacy group Protect Our Power renewed its call for the Biden administration and Congress to make the security and resilience of the U.S. electric grid a top priority in pending infrastructure legislation.
“We’ve been warned repeatedly during the last several years by major U.S intelligence agencies that a crippling cyberattack on our critical infrastructure was not a question of if, but when,” said Jim Cunningham, executive director of the grid advocacy group. The group said that the Colonial pipeline cyberattack and last year’s SolarWinds attack “makes it clear that our electric infrastructure is vulnerable” and in need of “significant” security upgrades.
The group pointed to the weather-related outages in Texas in February as an example of the financial and social costs that could result by losing power “even for a short period of time.”
pv magazine reported earlier this year that Biden said the government had elevated the status of cyber issues and was launching an “urgent initiative” to improve U.S. capability, readiness, and resilience in cyberspace. The earlier reporting said that solar energy systems of all sizes could pose a risk to the grid in much the same way that an attack on a conventional power plant could result in widespread blackouts.
Executive Order goals
The Executive Order that President Biden signed is intended to:
Remove Barriers to Threat Information Sharing Between Government and the Private Sector. The Executive Order aims to ensure that IT service providers are able to share information with the government and requires them to share certain breach information. Removing contractual barriers and requiring providers to share breach information that could impact government networks is necessary to enable more effective defenses of Federal departments, and to improve the nation’s cybersecurity as a whole.
Modernize and Implement Stronger Cybersecurity Standards in the Federal Government. The Executive Order also intends to move the federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption with a specific time period. It said that outdated security models and unencrypted data have led to compromises of systems in the public and private sectors.
Improve Software Supply Chain Security. The Executive Order also aims to improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available. It creates a public-private process to develop new and innovative approaches to secure software development and uses the power of federal procurement to incentivize the market. And, it creates a pilot program to create an “energy star” type of label so the government – and the public at large – can determine whether software was developed securely.
Establish a Cybersecurity Safety Review Board. The Executive Order establishes a Cybersecurity Safety Review Board, co-chaired by government and private-sector leads, that may convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity. This board is modeled after the National Transportation Safety Board, which is used after airplane crashes and other incidents.
Create a Standard Playbook for Responding to Cyber Incidents. The Executive Order aims to create a standardized playbook and set of definitions for cyber incident response by federal departments and agencies. The playbook is intended to ensure all federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat. The playbook will also provide the private sector with a template for its response efforts.
Improve Detection of Cybersecurity Incidents on Federal Government Networks. The Executive Order intends to improve the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government.
Improve Investigative and Remediation Capabilities. The Executive Order also creates cybersecurity event log requirements for federal departments and agencies. Poor logging hampers an organization’s ability to detect intrusions, mitigate those in progress, and determine the extent of an incident after the fact. Robust and consistent logging practices will solve much of this problem.
This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: firstname.lastname@example.org.