President Biden signed an executive order on May 12, 2021, to strengthen cybersecurity in the U.S. and protect federal networks.[1] The executive order, titled “Executive Order on Improving the Nation's Cybersecurity,” comes in the aftermath of the ransomware attack that shut down the 5,500-mile Colonial oil pipeline on May 7, 2021. Colonial is the largest gasoline pipeline in the U.S. and supplies an estimated 40-45% of all fuel used on the East Coast. As of May 13, 2021, Colonial has restarted operations of the pipeline, but the brief shutdown caused widespread uncertainty.[2]
The executive order’s main directives are to 1) set more rigorous IT and cybersecurity policy, 2) remove barriers to information sharing among federal agencies, 3) modernize federal government cybersecurity, 4) enhance software supply chain security, 5) establish a cybersecurity safety review board, 6) standardize the federal government’s response to cybersecurity vulnerabilities and incidents, 7) improve detection of cybersecurity issues on federal networks, 8) improve the federal government’s investigative and remediation capabilities, and 9) adopt national systems security requirements. The Cybersecurity Safety Review Board will be co-chaired by the government and the private sector and will analyze lessons learned from major cybersecurity incidents. Although the order does not apply to the private sector, private companies will need to increase their own security to contract with the federal government.
[1] https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/fact-sheet-president-signs-executive-order-charting-new-course-to-improve-the-nations-cybersecurity-and-protect-federal-government-networks/
[2] https://www.colpipe.com/news/press-releases/media-statement-colonial-pipeline-system-disruption