Executive Order Mandates Enhancing Threat Communication, Modernizing Cybersecurity Infrastructure
President Joe Biden signed an executive order on Wednesday to improve national cybersecurity in an effort to combat future cyberattacks. The order follows the SolarWinds and Microsoft Exchange cyberattacks impacting federal agencies as well as the recent Colonial Pipeline ransomware attack that caused states of emergency in several states.
The policy statement introducing the order explains, “The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors. The Federal Government must also carefully examine what occurred during any major cyber incident and apply lessons learned.”
The order encourages private sector collaboration to identify cyber incidents and improve security.
The order first seeks to remove barriers to sharing threat information. The order calls for the Director of the Office of Management and Budget (OMB), in consultation with the Secretary of Defense, the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence, to review acquisition regulations regarding federal IT contracts to ensure federal data is secure. This section of the order also mandates that IT service providers collaborate with federal cybersecurity, law enforcement, and investigative agencies to monitor networks and coordinate on potential threats.
The order calls for the aforementioned leaders to recommend standardized contract language for appropriate cybersecurity requirements to the Federal Acquisition Regulation (FAR) Council.
The next section seeks to modernize federal cybersecurity through updated plans, increased coordination on cloud technology, and improved cloud-service governance frameworks to identify a range of services and protections available to agencies following a cybersecurity incident.
The order also has sections related to:
enhancing software supply chain security,
establishing a Cyber Safety Review Board,
standardizing the federal government’s playbook for responding to cybersecurity vulnerabilities and incidents,
improving detection of cybersecurity vulnerabilities and incidents on federal government networks, and
improving the federal government’s investigative and remediation capabilities.
The order directs all National Security Systems to update their cybersecurity requirements in accordance with the executive order. These are information systems operated by the U.S. government, its contractors, or agents that contain classified information or that:
involve intelligence activities;
involve cryptographic activities related to national security;
involve command and control of military forces;
involve equipment that is an integral part of a weapon or weapons system(s); or
are critical to the direct fulfillment of military or intelligence missions (not including routine administrative and business applications).
“Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life. The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid,” the order explains.