Biden Administration Signs Executive Order Aimed at Hardening Fed Cybersecurity Defenses

The News: The Biden administration signed an executive order on Wednesday, May 12, 2020 aimed at hardening the Federal government’s cybersecurity cybersecurity defenses following the Colonial Pipeline hack. More at CNBC. Biden Administration Signs Executive Order Aimed at Hardening Fed Cybersecurity Defenses Analyst Take: The executive order signed by President Biden directs the Commerce Department to create new standards for software vendors supplying the federal government. While this executive order immediately followed the Colonial Pipeline ransomware attack and the fallout from that, no doubt the recent SolarWinds attack, along with the Microsoft Exchange server attacks play a role in the government stepping in. The Executive Order addresses the fact that the incremental improvements that have heretofore been made along the way are not effective at providing the security the Federal government needs and that “bold changes and significant investments” are needed to defend the many institutions that are a necessary part of American life. It finally seems clear that cybersecurity is and must be a top priority for the Federal government and, more importantly, that the Feds intend to lead by example as it relates to standards and requirements. Under the executive order, the standard for software vendors supplying to the federal government will essentially be a rating system that mandates multi-factor user verification to new technology, and also requires added encryption. Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA) remarked on this in a podcast on CBS this last week saying that this action by Biden is a “dramatic game change” and showed a commitment by the administration of prioritizing cybersecurity concerns. He also mentioned that establishing these kinds of standards will have a “cascading effect” for products sold to others, not only impacting government entities. Now is a great time to be in the business of selling solutions that provide enhanced security, like IBM’s Confidential Computing and AWS’s Nitro Enclave, both of which we’ve written about before here. This order establishes a Cybersecurity Safety Review Board that is modeled after the National Transportation Safety Board and which includes members from both private and public sectors. Equally as important, it also clearly shows the administration’s intent to move the federal government to cloud systems that are more secure. My colleague Fred McClimans and I covered this Executive Order in our Cybersecurity Shorts series of the Futurum Tech Webcast this last week. You’ll find our discussion on that topic here: You can find the full text of the Executive Order on Improving the Nation’s Cybersecurity here.