President Joe Biden on Wednesday ordered an overhaul of federal software systems and the contractors that supply them, days after a ransomware hack shuttered the largest petroleum pipeline between Texas and New York.
The Biden administration has grappled with a slew of high-profile cyberattacks since taking office, including the SolarWinds breach by Russian intelligence and another targeting flaws in some Microsoft email software attributed to Chinese hackers. This week, at gas stations up and down the East Coast, drivers waited hours to fill fuel tanks as the Colonial Pipeline outage crept into a sixth day before the federal government helped the company back online.
Biden’s push to modernize national cyberdefenses aims to prevent these breaches, establishing baseline standards that agencies and suppliers must meet, such as encryption or multifactor authentication. Government contractors will also be required to report cybersecurity breaches quickly to officials.
“Today’s executive order makes a down payment towards modernizing our cyberdefenses and safeguarding many of the services on which we rely,” a senior administration official told reporters on an evening call, saying the White House had been working on the order since week two of Biden’s term. “It reflects a fundamental shift in our mindset from incident response to prevention, from talking about security to doing security.”
While the order does not directly target infrastructure operated by companies like Colonial Pipeline, some provisions could influence wider industry standards, the White House said.
The order also establishes a cybersecurity incident review board, led jointly by public- and private-sector experts.
Together, the new directives aim to secure the cyber landscape against future attacks. The goal is to increase demand for secure software by requiring all government purchases to meet the new standards within nine months and to share periodic security data.
“We’re going to use the power of federal procurement to jump-start this market because everything we buy has to be built securely,” the official said.
The official likened a measure to label and grade software to cleanliness standards instituted across New York City restaurants, displayed in windows.
“We’d never buy a family minivan knowing it could have potentially fatal defects or with the expectation of recalls,” the senior official said.
The order will affect the government’s ability to detect incursions rapidly, such as when a Russian intelligence agency targeted the software company SolarWinds, using the firm’s update feature to tunnel into nine federal agencies, technology firms, and utilities.
Recent incidents “are a sobering reminder” of U.S. vulnerabilities to cyberattacks from foreign adversaries, including nation-states, this person said.