WASHINGTON: The Biden administration today issued a long-awaited cyber executive order that compels federal contractors to share information about cyber incidents and establishes a cybersecurity review body.
“Today’s Executive Order is a down payment to modernize our cyber defenses and protect many of the services we rely on,” said a senior administration official. “It reflects a fundamental shift in the way we think – from responding to incidents to prevention, from discussing safety to security.”
The order follows three consecutive cyber campaigns: SolarWinds, the Microsoft Exchange Server hacks, and Colonial Pipeline. The government remains heavily involved in handling the most recent incident. Colonial Pipeline announced today that it has restarted pipeline operations.
SolarWinds in particular seems to have had a major impact on the EO. “In responding to SolarWinds incidents,” said the chief administrative officer, “we were faced with the harsh truth that some of the most basic cybersecurity prevention and response measures were not systematically implemented in all federal agencies.”
“So we have identified a small set of cyber defense mechanisms that, when implemented, make it difficult for an adversary to compromise and operate on a hacked network.”
The EO says: “The trust we place in our digital infrastructure should be proportional to how trustworthy and transparent this infrastructure is and what the consequences are if this trust is out of place.”
To this end, the EO sets a number of short-term timelines for several objectives:
- Removal of obstacles to the exchange of threat information
- Modernization of federal cybersecurity
- Improvement of security in the supply chain
- Establishment of an examination committee for cybersecurity
- Standardization of the federal government’s “playbook” for answering incidents
- Improvement of detection in federal networks
- Improvement of investigative and remedial measures by the federal government
- Improvement of Government investigative and remedial actions
- Establish requirements for national security systems
In particular, the EO requires information and communication technology (ICT) service providers with federal contracts to report cyber incidents. “ICT service providers who enter into contracts with agencies must report to these agencies immediately if they discover a cyber incident involving a software product or service provided to these agencies or a support system for a software product or service that is made available to these agencies,” the EO states. In some cases, the EO also requires reporting of cyber incidents to CISA.
The EO also instructs the agencies within the federal government to “develop procedures to ensure that reports on cyber incidents are exchanged promptly and appropriately between the agencies.”
The EO establishes a Cybersecurity Safety Review Board, which is similar to the National Transportation Safety Board, but for cyber incidents. The board is led by co-chairs from government and the private sector.
According to the EO, several technologies must be introduced in federal networks within a certain period of time. These include multi-factor authentication, encryption, endpoint detection, logging and operation in an untrustworthy environment.
“We commend the Biden administration for their ongoing efforts to combat the recent SolarWinds SUNBURST attack on public and private networks,” said Steve Grobman, CTO of McAfee. “The administration’s focus on data, objectivity and constructive action ensures that we as a nation can address this new threat from modernizing federal cybersecurity.”