- The recent Colonial Pipeline hack brought cybersecurity to the top of the Biden administration's priority list
- President Biden's May executive order on cybersecurity outlined specific security requirements for federal agencies
- All organizations should consider updating their security in light of this new focus and recent attacks
After the recent Colonial Pipeline hack, President Biden has made it clear that one of his main aims is to tackle cybersecurity in the United States. All businesses today need to be aware of this government emphasis on security and take the required steps to reduce their vulnerability to cyber attacks.
May saw many Americans panic buying at the pump after the Colonial Pipeline was shut down as a consequence of a ransomware attack. For those who are unaware, this pipeline is a vital fuel source for all of the East Coast.
What is a ransomware attack? This is a type of cyber attack where malware infects a computer or system and holds data for ransom by encrypting it so it’s inaccessible. Even if the company or organization pays the ransom, there is no guarantee that the attackers will keep their side of the deal. More and more individuals and businesses are targeted with these sorts of attacks today as the prevalence of ransomware increases.
Improving the Nation’s Cybersecurity Executive Order (EO)
As a consequence of this incident, President Biden has been taking steps to ramp up cybersecurity across the United States. In May he signed the Improving the Nation’s Cybersecurity Executive Order (EO), which has signaled the possibility of heightened regulatory oversight of cybersecurity regulations and laws.
Speaking about the new EO, the President has stated that it calls for federal agencies to collaborate effectively with the private sector to deploy technologies that will enhance resilience against cyberattacks, improve cybersecurity practices, and share information. The aim of this EO is to make considerable contributions to modernizing the cybersecurity practices of the federal government, especially with regard to software security.
The government has already taken steps in recent years to update security, specifically in the Department of Defense through the new CMMC framework. This new order extends that awareness, and the push for stricter standards, to the government and the nation as a whole.
What Does the EO Do?
There are a number of different things that the EO aims to do. First, it seeks to generate new rules regarding IT security for select federal contractors. Aside from this, it demands that federal agencies implement added security measures across IT. These measures include requiring agencies to accelerate the movement to secure services in the cloud.
There are a number of other things that the EO aims to achieve. These include standardizing the incident response plan for the government, creating a national review board, and setting the standard for commercial software.
With regard to the latter, the EO directs that baseline security requirements be established based on best practices for the industry. A labeling methodology should also be established for manufacturers so that they can make sure that customers understand the security of the software products they sell.