WASHINGTON — President Joe Biden signed an executive order Wednesday aimed at strengthening U.S. cybersecurity defenses, a move that follows a series of sweeping cyberattacks on private companies and federal government networks over the past year.
The action comes as Colonial Pipeline continues to grapple with a crippling ransomware attack, which has led to widespread fuel shortages along the East Coast and prompted an all-of-government response.
The Colonial Pipeline hack is only the latest example of criminal groups or state actors exploiting U.S. cyber vulnerabilities. Last year, software from the IT company SolarWinds was breached, allowing hackers to gain access to communications and data in several government agencies.
The president’s executive order calls for the federal government and private sector to partner to confront “persistent and increasingly sophisticated malicious cyber campaigns” that threaten U.S. security.
Biden’s executive order takes a number of steps aimed at modernizing the nation’s cybersecurity:
- Requires IT service providers to tell the government about cybersecurity breaches that could impact U.S. networks, and removes certain contractual barriers that might stop providers from flagging breaches.
- Creates a standardized playbook and set of definitions for federal responses to cyber incidents.
- Pushes the federal government toward upgrading to secure cloud services and other cyber infrastructure, and mandates deployment of multifactor authentication and encryption with a specific time period.
- Improves security of software sold to the government, including by making developers share certain security data publicly.