A senior administration official talks about the features of Biden's Executive Order on cybersecurity in response to the Colonial Pipeline hack.
On Wednesday afternoon, President Biden signed an Executive Order on cybersecurity in response to growing incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline. All these cyber-attacks indicate poor software security, and according to the administration official, “the current market development of ‘build, sell, and maybe patch later’ means we routinely install software with significant vulnerabilities into some of our most critical systems and infrastructure.”
A senior White House official told The Pavlovic Today that the pipeline hack is a “sobering reminder” that the U.S. public and the private sector are becoming targets of both nation-state actors and cybercriminals.
In the USA, a significant amount of critical infrastructure is owned and operated by the private sector. The Colonial Pipeline hack perpetrated by DarkSide is a poignant reminder that private companies have to ramp up and invest in software security.
“The Colonial Pipeline incident is a reminder that federal action alone is not enough,” said a senior administration official.
The long-awaited Executive Order, which the Biden team has been working on since week two of the administration, aims to modernize cybersecurity defenses and will focus on the following:
1. Information Sharing Between Government and the Private Sector
Going forward, IT service providers will be able to share breach information with the government. “We’re really creating a common threshold across the federal government to say, ‘Let’s make sure that info is shared so all can defend themselves and all can get out information to private-sector stakeholders and others to enable them to defend themselves as well,’” said the senior administration official.
The Executive Order will also help move the Federal government to secure cloud services and it will mandate multifactor authentication and encryption.
“Outdated security models and unencrypted data have led to compromises of systems in the public and private sectors,” an official said. “The Federal government must lead the way and increase its adoption of security best practices.”
2. Leveling up Software Security
The Executive Order will improve software security by establishing baseline security standards for software sold to the government. “Colonial, fundamentally, was an IT incident, and this executive order will make IT software more secure. And because the U.S. government uses SCADA software, any SCADA software sold to the U.S. will have to meet the standards referenced in the executive order,” a senior administration official said.
Developers will be required to maintain greater visibility into their software and make security data publicly available.
“Too much of our software, including critical software, is shipped with significant vulnerabilities that our adversaries exploit. This is a long-standing, well-known problem, but we have kicked the can down the road for too long,” the official said.
3. Cybersecurity Safety Review Board
The Executive Order will establish a Cybersecurity Safety Review Board that will be co-chaired by government and private sector members. “Too often, organizations repeat the mistakes of the past and do not learn lessons from significant cyber incidents. When something goes wrong, the Administration and private sector need to ask the hard questions and make the necessary improvements,” a senior administration official said. The Cybersecurity Safety Review Board will be modeled after the National Transportation Safety Board, used after airplane crashes.
4. Playbook for Responding to Cyber Incidents
The Executive Order will create a standardized playbook and definitions for cyber incident response by federal departments and agencies. Recent incidents have shown that within the government, the maturity level of response plans varies widely.
The playbook will be designed to ensure that all Federal agencies meet a certain threshold and are prepared to take uniform steps to identify and mitigate a threat. The playbook will also provide the private sector with a template for its response efforts.
5. Detection of Cybersecurity Incidents on Federal Government Networks
The Executive Order will try to improve the ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improved information sharing within the Federal government.
Endpoint detection, logging, and multi-factor authentication will be rolled out within six months and on even tighter timelines where required.
The EO reflects a fundamental shift in the U.S. government’s mindset. “From incident response to prevention, from talking about security to doing security — setting aggressive but achievable goals to make the federal government a leader in cybersecurity, and improve software security and incident response,” a senior administration official concluded.