President Biden has signed an executive order to improve the nation's cybersecurity following a ransomware attack on Colonial Pipeline, which forced the company to shut down its operations.
The executive order seeks to better equip federal agencies with cybersecurity tools and also encourages the improvement of cybersecurity standards across the private sector.
Biden also said that the federal action is not enough and the government needs the private sector to make its own decision regarding cybersecurity.
“We encourage private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments to minimize future incidents,” he said, while noting other past incidents such as those involving SolarWinds and Microsoft Exchange.
Biden’s cybersecurity order requires that software companies contracted by the government meet certain cybersecurity standards. They will also have to report any of their own security breaches, and the order will remove any contractual barriers to doing so.
The order will create a test program in which software will be labeled under an “energy star” system so that the government and the public “can quickly determine whether the software was developed securely.” The effort seeks to “use the purchasing power of the Federal Government to drive the market to build security into all software from the ground up.”
The order will also require a “zero-trust” approach to securing cloud services used by federal agencies, in part by mandating, within a specific time period, multifactor authentication and encryption for access to such services.