Following the numerous cyberattacks against US state and private organizations in the past few months, President Biden signed an executive order yesterday to bolster the country’s cyber defenses against adversary attacks. The new policy foresees more timely access to information for law enforcement necessary for successful investigations into cyberattacks.
This year cyber attackers targeted US interests; the most worrisome incidents were the SolarWinds supply-chain attack, in which Russia-backed actors compromised hundreds of organizations and even US state agencies, and the more recent DarkSide ransomware attack that shut down Colonial Pipeline, the largest fuel pipeline in the US.
The ‘Executive Order on Improving the Nation’s Cybersecurity’ is a 34-page document that, besides ordering the modernization of the cybersecurity defenses of the US federal government’s infrastructure, calls for increased communication between service providers and law enforcement and presents a standardized incident response playbook.
More specifically, the executive order directs the government to:
- Require information and operational technology service providers to share information about cybersecurity threats and breaches that they experience or become aware of, and to remove contract clauses that prevent such information sharing.
- Create a “Cyber Safety Review Board” that will include Federal and private-sector entities and will convene after a significant cyber incident to assess the attack, make recommendations, and share confidential information with law enforcement.
- Modernize the federal government IT services and develop strict security guidelines on the use of cloud services, and among other things, adopt Zero Trust Architecture, multi-factor authentication, and encryption for data at rest and in transit.
- Improve supply-chain security; to this end, develop guidelines, best practices, and tools to audit and assure that critical software is protected; among other things, create a certification program and label that will show software was developed securely.
- Create a playbook for all government agencies that will outline their response to cyberattacks.
- Deploy a centralized Endpoint Detection and Response (EDR) solution and intra-governmental information sharing to improve detection and remediation of cybersecurity vulnerabilities in government networks.
These initiatives will be implemented gradually in phases, with deadlines ranging from 30 days to, in some cases, 360 days.
“This is one of the most detailed and deadline-driven EOs I’ve seen from any administration. In the wake of a seismic attack, like SolarWinds, this is incredibly encouraging to see,” said Amit Yoran, CEO of Tenable and founding director of US-CERT.