President signs Executive Order to improve the nation’s cybersecurity

WASHINGTON—On the heels of arguably the largest cyberattack against U.S. critical infrastructure in the country’s history, President Biden on Wednesday signed an Executive Order to improve the nation’s cybersecurity and protect Federal Government networks.

The Executive Order was signed less than a week after the devastating ransomware attack by cybercriminal group DarkSide on Colonial Pipeline, which operates the country’s largest fuel pipeline, delivering an estimated 45 percent of fuel consumed on the East Coast. Colonial Pipeline announced on Thursday, May 13, that it has resumed fuel delivery in a majority of the markets that it services.  

According to a White House statement, the Executive Order “makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur.”

The White House also acknowledged recent cyberattacks on SolarWinds and Microsoft Exchange that led to the signing of the Executive Order.

“(These incidents) are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals,” the statement read. “These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents.”

Specifically, the Executive Order that President Biden signed will:

Remove Barriers to Threat Information Sharing Between Government and the Private Sector

The Executive Order ensures that IT service providers are able to share information with the government and requires them to share certain breach information. IT providers are often hesitant or unable to voluntarily share information about a compromise. Sometimes this can be due to contractual obligations; in other cases, providers simply may be hesitant to share information about their own security breaches. Removing any contractual barriers and requiring providers to share breach information that could impact government networks is necessary to enable more effective defenses of federal departments, and to improve the nation’s cybersecurity as a whole.

Modernize and Implement Stronger Cybersecurity Standards in the Federal Government

The Executive Order helps move the Federal Government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption with a specific time period. Outdated security models and unencrypted data have led to compromises of systems in the public and private sectors. The Federal Government must lead the way and increase its adoption of security best practices, including by employing a zero-trust security model, accelerating movement to secure cloud services, and consistently deploying foundational security tools such as multifactor authentication and encryption.

Improve Software Supply Chain Security

The Executive Order will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available. It stands up a concurrent public-private process to develop new and innovative approaches to secure software development and uses the power of Federal procurement to incentivize the market. Finally, it creates a pilot program to create an “energy star” type of label so the government – and the public at large – can quickly determine whether software was developed securely. Too much of our software, including critical software, is shipped with significant vulnerabilities that our adversaries exploit. This is a long-standing, well-known problem, but for too long we have kicked the can down the road. We need to use the purchasing power of the Federal Government to drive the market to build security into all software from the ground up.

Establish a Cybersecurity Safety Review Board

The Executive Order establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity. Too often organizations repeat the mistakes of the past and do not learn lessons from significant cyber incidents. When something goes wrong, the Administration and private sector need to ask the hard questions and make the necessary improvements. This board is modeled after the National Transportation Safety Board, which is used after airplane crashes and other incidents.

Create a Standard Playbook for Responding to Cyber Incidents

The Executive Order creates a standardized playbook and set of definitions for cyber incident response by federal departments and agencies. Organizations cannot wait until they are compromised to figure out how to respond to an attack. Recent incidents have shown that within the government the maturity level of response plans vary widely. The playbook will ensure all Federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat. The playbook will also provide the private sector with a template for its response efforts.

Improve Detection of Cybersecurity Incidents on Federal Government Networks

The Executive Order improves the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal Government. Slow and inconsistent deployment of foundational cybersecurity tools and practices leaves an organization exposed to adversaries. The Federal Government should lead in cybersecurity, and strong, Government-wide Endpoint Detection and Response (EDR) deployment coupled with robust intra-governmental information sharing are essential.

Improve Investigative and Remediation Capabilities

The Executive Order creates cybersecurity event log requirements for federal departments and agencies. Poor logging hampers an organization’s ability to detect intrusions, mitigate those in progress, and determine the extent of an incident after the fact. Robust and consistent logging practices will solve much of this problem.

“It (Executive Order) is the first of many ambitious steps the Administration is taking to modernize national cyber defenses,” the White House statement said. “However, the Colonial Pipeline incident is a reminder that federal action alone is not enough. Much of our domestic critical infrastructure is owned and operated by the private sector, and those private sector companies make their own determination regarding cybersecurity investments. We encourage private sector companies to follow the Federal Government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.”