Biden's Cybersecurity Order

By Daniel Hale, PhD

May 30, 2021, 1:30pm EDT 

WASHINGTON — President Joe Biden signed an executive order Wednesday aimed at strengthening U.S. cybersecurity defenses, a move that follows a series of sweeping cyberattacks on private companies and federal government networks over the past year. The action comes on the heels of a crippling ransomware attack on the Colonial Pipeline Co. which led to widespread fuel shortages along the East Coast and prompted an all-of-government response. 

The Colonial Pipeline attack is only the latest example of criminal groups or state actors exploiting U.S. cyber vulnerabilities. Last year, software from the IT company SolarWinds was breached, allowing cyber criminals to gain access to communications and data in several government agencies. Biden’s executive order calls for the federal government and private sector to confront “persistent and increasingly sophisticated malicious cyber campaigns” that threaten U.S. security. Biden’s executive order takes a number of steps aimed at modernizing the nation’s cybersecurity: 

  • Requires IT service providers to tell the government about cybersecurity breaches that could impact U.S. networks and removes certain contractual barriers that might stop providers from flagging breaches. 
  • Creates a standardized playbook and set of definitions for federal responses to cyber incidents. Pushes the federal government toward upgrading to secure cloud services and other cyber infrastructure. 
  • Mandates government deployment of multifactor authentication and encryption. Improves security of software sold to the government by making developers share certain security data. 
  • Establishes a “Cybersecurity Safety Review Board” comprising public- and private-sector officials, which can convene after cyberattacks to analyze the situation and make recommendations.

Improves info-sharing within the federal government by enacting a government-wide endpoint detection and response system.  

This order is directed to U.S. federal government agencies. However, it reflects a growing sentiment that leaders of organizations should be proactive in managing cyber security as an executive management function as opposed to a purely technology-related undertaking. 

“This is important,” says Thomas View, managing director of cybersecurity law firm TEMVI, PLLC “because it points to growing demand for accountability from government leaders for cybersecurity. Like most federal government requirements, compliance specifications will flow down into any business or agency that interacts with the government in any way. The government systems can be no more secure than those of the government contractors, nonprofits, and state and government actors that interface with them.” 

 View also points out that “Unlike public officials, CEOs and board members of private concerns do not enjoy any qualified immunity against personal and criminal liability associated with cyberattacks.”

Ayan View contributed to this story.

Copyright 2021 TEMVI, PLLC All Rights Reserved