Biden’s executive order addresses enhanced cybersecurity for both public and private organizations.
President Joe Biden signed an executive order Wednesday to strengthen the nation’s cybersecurity and protect information networks owned by the federal government. The announcement was made by the White House.
Recent cybersecurity incidents, such as the SolarWinds, Microsoft Exchange and Colonial pipeline hacking attacks, were another sobering reminder that American public and private organizations are increasingly faced with sophisticated malicious cybercrime by both entire nations and individual hacker groups. All of these incidents share common traits, most notably inadequate cyber defenses that leave public and private organizations vulnerable to criminals.
The White House notes that the executive order will make “significant contributions to modernizing cybersecurity defenses, protecting federal networks, improving information sharing between the U.S. government and the private sector on cybersecurity issues, and enhancing the ability of the United States to respond” to such incidents. The executive order, the White House said, was only the first of many steps planned by the administration to modernize the nation’s cyber defense.
But the Colonial pipeline incident was a reminder that federal action alone is not enough. Much of the critical infrastructure in the U.S. is owned by the private sector, and those companies make their own decisions about cybersecurity investments. The administration has urged private companies to follow the federal government’s lead and significantly increase investment in cybersecurity “to minimize such incidents in the future.”
Among the measures outlined in Biden’s order are removing barriers to sharing cyber threat information between the government and the private sector, improving security in software supply chains, creating a cybersecurity review board, and implementing standard guidelines for responding to cybersecurity incidents.
In addition, President Biden has ordered modernization and implementation of more stringent cybersecurity standards across the federal government, improved cybersecurity incident detection systems on federal networks, and better practices for investigating such incidents.