On May 12, 2021, President Biden signed an executive order (EO) mandating that the federal government significantly improve cybersecurity within its networks and modernize federal cyber.
Though lacking in definitional clarity, this new executive order might be more effective than past federal efforts, especially in the wake of the Colonial Pipeline attack.
Remove barriers to threat information sharing between government and the private sector, particularly ensuring that IT service providers can share security breach information with the federal government.
Modernize and implement stronger cybersecurity standards in the federal government, including a move to cloud services and zero-trust architectures and multi-factor authentication (MFA) and encryption mandates.
Improve software supply chain security, including establishing baseline security standards for software development for software sold to the government. The Commerce Department must publish minimum elements for a software bill of materials (SBOM) that traces the individual components that make up software.
Establish a cybersecurity safety review board
Capping a dramatic week that saw major oil pipeline provider Colonial Pipeline crippled by a ransomware attack, the Biden administration released a highly anticipated, far-reaching and complex Executive Order on Improving the Nation's Cybersecurity. The executive order (EO) aims to chart a new course to improve the nation's cybersecurity and protect federal government networks.
The ambitious document uses the SolarWinds and Microsoft Exchange supply chain hacks and the Colonial Pipeline ransomware infection as springboards for a series of initiatives that aim to minimize the frequency and impact of these kinds of incidents. These initiatives are:
Remove barriers to threat information sharing between government and the private sector, particularly ensuring that IT service providers can share security breach information with the federal government.