President Joe Biden signed an executive order Wednesday meant to strengthen U.S. cybersecurity defences in response to a series of headline-grabbing hacking incidents that highlight how vulnerable the country’s public and private sectors are to high-tech spies and criminals operating from half a world away.
The order will require all federal agencies to use basic cybersecurity measures, like multi-factor authentication, and require new security standards for software makers that contract with the federal government.
Officials are hoping to leverage the federal government’s massive spending power to make widely used software safer for the private sector as well.
“The federal government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life,” Biden said in his executive order.
His actions come as the administration has been grappling with its response to a massive breach by Russia of federal agencies and ransomware attacks on private corporations.
Biden’s executive order was announced shortly after the nation’s largest fuel pipeline restarted operations Wednesday, days after it was forced to shut down by a gang of hackers. The disruption of the Colonial Pipeline caused long lines at gas stations in the Southeast.
And the U.S. sanctioned the Kremlin last month for a hack of several federal government agencies, known as the SolarWinds breach, that officials have linked to a Russian intelligence unit and characterized as an intelligence-gathering operation. The AP previously reported that Russian hackers gained access to an email account belonging to the Trump administration’s acting homeland security secretary, Chad Wolf.
“The United States is simply not prepared to fend off state-sponsored or even criminal hackers intent on compromising our systems for profit or espionage,” Sen. Mark Warner, the Virginia Democrat who leads the Senate Intelligence Committee, said in a statement.
Warner praised the executive order but said Congress needs to do more to address the country’s vulnerabilities in cyberspace.
The order also creates a pilot program to develop a rating system, similar to how New York City requires restaurants to display letter grades that correspond to scores received from sanitary inspections, to show whether software and internet-connected devices were developed securely.
Biden’s order will also require IT service providers that contract with the federal government to share certain information about cyber breaches, an information-sharing program that officials say will improve the county’s cybersecurity as a whole.
The order also establishes a cybersecurity safety review board that’s tasked with studying major cyber incidents and coming up with concrete recommendations. It’s modelled after the National Transportation Safety Board. As a nod to how influential the private sector is in cybersecurity, the new board will be co-chaired by an official from the government and another from the private sector.