By Daniel Hale, PhD
May 30, 2021, 1:30pm EDT
WASHINGTON — President Joe Biden signed an executive order Wednesday aimed at strengthening U.S. cybersecurity defenses, a move that follows a series of sweeping cyberattacks on private companies and federal government networks over the past year. The action comes on the heels of a crippling ransomware attack on the Colonial Pipeline Co. which led to widespread fuel shortages along the East Coast and prompted an all-of-government response.
The Colonial Pipeline attack is only the latest example of criminal groups or state actors exploiting U.S. cyber vulnerabilities. Last year, software from the IT company SolarWinds was breached, allowing cyber criminals to gain access to communications and data in several government agencies. Biden’s executive order calls for the federal government and private sector to confront “persistent and increasingly sophisticated malicious cyber campaigns” that threaten U.S. security. Biden’s executive order takes a number of steps aimed at modernizing the nation’s cybersecurity:
Improves info-sharing within the federal government by enacting a government-wide endpoint detection and response system.
This order is directed to U.S. federal government agencies. However, it reflects a growing sentiment that leaders of organizations should be proactive in managing cyber security as an executive management function as opposed to a purely technology-related undertaking.
“This is important,” says Thomas View, managing director of cybersecurity law firm TEMVI, PLLC “because it points to growing demand for accountability from government leaders for cybersecurity. Like most federal government requirements, compliance specifications will flow down into any business or agency that interacts with the government in any way. The government systems can be no more secure than those of the government contractors, nonprofits, and state and government actors that interface with them.”
View also points out that “Unlike public officials, CEOs and board members of private concerns do not enjoy any qualified immunity against personal and criminal liability associated with cyberattacks.”
Ayan View contributed to this story.
Copyright 2021 TEMVI, PLLC All Rights Reserved