The order is aimed at modernizing the government’s response to cyberattacks.
President Joe Biden signed an executive order Wednesday aimed at modernizing the federal government’s response to cyberattacks — by “improving information-sharing between the U.S. government and the private sector on cyber issues,” improving detection of hacks into federal systems, and creating a “standardized playbook” for how the government responds to attacks, according to the White House.
Facing questions about why the U.S. isn’t better prepared to protect its infrastructure from hacks like the ransomware attack on the Colonial Pipeline, the order seeks to bring the federal government more up to speed.
However, while it removes barriers to the private sector sharing info with the federal government about hacks, it stops short of mandating companies like Colonial Pipeline share information. A senior administration official clarified on a call with reporters that the federal government would mandate private companies “doing business with the federal government” share information with it about hacks.
“We pushed the authority as far as we could,” the official told reporters, “and said anybody doing business with the U.S. government will have to share incidents, so that we can use that information to protect Americans more broadly.”
“This executive order is about taking the steps necessary to prevent cyber intrusions from happening in the first place. And second, ensuring we’re well positioned to react rapidly to address incidents when they do occur,” the official continued.
The Biden administration has been working on this executive order since its second week, the official told reporters, and it is expected to help address hacks similar to the one that hit the Colonial Pipeline.
“Colonial fundamentally was an IT incident, and this executive order will make IT software more secure,” the official said.
The order will require all software bought by the federal government to meet certain security standards within nine months, the official said. And it “creates a pilot program to create an ‘energy star’ type of label so the government — and the public at large — can quickly determine whether software was developed securely,” the White House said.
“We’re working to bring visibility to the security of software,” the official said, “akin to the way New York brought visibility and cleanliness to New York City restaurants by requiring restaurants to post simple ratings like A, B, C or D, regarding their cleanliness in their windows.”