Biden Signs Order to Boost Cybersecurity After Pipeline Hack
(Bloomberg) -- President Joe Biden on Wednesday signed an executive order intended to strengthen U.S. cybersecurity by improving information sharing about attacks with the private sector and adopting better safety practices throughout the government.
It also seeks to improve the government’s response to major cyber-attacks.
The order has been in the works for months but was released less than a week after a ransomware attack on Colonial Pipeline Co. forced the company to cut off the flow of fuel to much of the U.S. East Coast, leading to gasoline shortages and filling stations running out. Colonial said Wednesday evening that the pipeline was returning to service.
In a statement outlining the order, the White House stated that much of the U.S.’s critical infrastructure is owned and operated by the private sector, and it urged those companies to bolster their own cyber defenses.
“The Colonial Pipeline incident is a reminder that federal action alone is not enough,” according to the White House statement. “We encourage private-sector companies to follow the federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.”
The order requires IT service providers with government contracts to share information about cyber-incidents with the U.S., an idea that has previously run aground because of a reluctance to disclose hacks and contractual barriers, which the White House vowed to remove. The service providers will be required to share the information within specific timelines, a sliding scale based on the severity of the incident, according to a senior administration official, who was granted anonymity to discuss the order.
It also seeks to move the federal government toward more modern and safer computer networks, embracing secure cloud services, encryption and multifactor authentication within six months. The order pledges to improve the government’s ability to detect hackers in its networks and to keep logs of computer activity to ward off hacks and speed up detection after a breach.
The president’s order calls for new standards for the security of the software supply chain, which was compromised as part of the so-called SolarWinds attack last year. In that instance, Russian hackers installed a backdoor in software from Texas-based SolarWinds Corp., which some customers installed during updates.
The hackers ultimately infiltrated nine federal agencies and about 100 companies using the SolarWinds backdoor, in addition to other methods.
The senior administration official said the order only makes a down payment toward modernizing cyber defenses, and stressed that the White House wants to focus on building more secure software products for Americans. As such, software purchased by the federal government must meet the new standards within nine months, the official said. Other improvements in the federal government will be rolled out within six months.
“Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity,” according to the White House statement. “These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents.”
Earlier this year, China-linked hackers used a vulnerability in Microsoft Corp.’s software for email to infiltrate tens of thousands of organizations.
But officials, speaking on condition of anonymity, said that if all the provisions in the order had been in place, it might not have prevented the attack on SolarWinds or the Colonial Pipeline.
“This executive order is a good first step, but executive orders can only go so far. Congress is going to have to step up and do more to address our cyber vulnerabilities,” according to Senator Mark Warner, a Virginia Democrat and chairman of the Senate Intelligence Committee.
Hackers stole almost 100 gigabytes of data from company networks in just two hours, before locking its computers with ransomware and demanding payment, according to two people familiar with the investigation. A ransomware group called DarkSide is suspected to be behind the attack.
©2021 Bloomberg L.P.