Biden signs executive order to improve cybersecurity in wake of Colonial Pipeline attack

President Joe Biden signed an executive order Wednesday to improve cybersecurity and protect federal government networks following the recent Colonial Pipeline cyberattack.

This executive order seeks to modernize cybersecurity defenses, improve information-sharing between the U.S. government and the private sector, and strengthen the nation’s ability to respond to incidents when they occur.

Specifically, the order ensures that IT Service Providers are able to share information with the government and requires them to share certain breach information. Often, IT providers are hesitant or unable to voluntarily share information about a compromise for contractual or other reasons. This removes that barrier and requires them to share breach information that could impact government networks. In addition, the order moves the federal government to secure cloud services and a zero-trust architecture, and mandates deployment of multifactor authentication and encryption with a specific time period. Outdated security models and unencrypted data have led to compromises of systems in the public and private sectors.

Further, the order will establish security standards for the development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available. Also, it creates a pilot program to create an “energy star” type of label so the government – and the public – can quickly determine whether software was developed securely.

Also, the executive order establishes a Cybersecurity Safety Review Board, co-chaired by government and private sector leads, that may convene following a significant cyber incident to analyze what happened and make recommendations for improving cybersecurity. Further, it fosters the creation of a standardized playbook for cyber incident response by federal departments and agencies.

Finally, the executive order seeks to improve the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the federal government. It also establishes cybersecurity event log requirements for federal departments and agencies as poor logging hampers an organization’s ability to detect intrusions.

The Colonial Pipeline resumed operations Wednesday after being shut down since May 7, when it was subject to a ransomware cyberattack. On May 13, each market that the Colonial Pipeline services will be receiving gas, company officials reported.

“As supplies return to normal, we will also continue our whole-of-government effort to mitigate any challenges, including the swift steps we’ve taken to boost gas supply in affected States through actions by the EPA, the Department of Transportation, the Department of Energy, the Department of Homeland Security, and other agencies,” White House press secretary Jen Psaki said. The Secretary of Homeland Security issued a temporary and targeted Jones Act waiver to an individual company. This waiver will enable the transport of additional gas and jet fuel between the Gulf Coast and East Coast ports to ease supply constraints, Psaki said.

The White House said the executive order is the first of many steps the Biden Administration is taking to modernize national cyber defenses. It encourages private sector companies to follow the federal government’s lead and augment and align cybersecurity investments to minimize future incidents.

“EEI and our member companies appreciate that cybersecurity has been, and continues to be, a priority for President Biden and his administration,” Edison Electric Institute (EEI) President Tom Kuhn said. “This executive Order clearly acknowledges the value of government-industry partnership, and we support the stated national security goals that aim to improve coordination across government and with the private sector to prepare for and respond to threats from malicious cyber actors. We have long maintained that grid security is a shared responsibility and addressing dynamic threats to the energy grid requires vigilance and coordination that leverages both government and industry resources.”