In the wake of the ransomware attack on the Colonial Pipeline that has threatened to create a fuel (and by extension economic) crisis in the United States, the Biden administration has signed an executive order to strengthen the cybersecurity posture of the nation’s most critical agencies and networks.
Previously, Biden took a more incremental approach. However, the recent ransomware attack made it clear that things need to move faster and more decisively if the United States wishes to protect against hackers, be they state actors or financially motivated gangs.
Here are the main points of the newly signed executive order:
These are all things that have been under discussion for years, and elements that the infosec community has highlighted again and again. The order hasn’t been hastily put together, though. It had actually been in preparation for weeks, and it just happened to coincide with the DarkSide ransomware incident, which may have sped up its release a bit.
So, all in all, the information-sharing barriers between key entities in the country will be lifted, and endpoint detection and response mechanisms will now be controlled centrally. Moreover, the vendors of software used by government entities will be more open to sharing key information with the public, instead of keeping everything secret under the pretext of protecting patents and technological advantages.
All federal government networks and users will now use MFA to access cloud services, and all sensitive data will be stored encrypted. And finally, promoting good practices and developing recommendations to defend against a dynamically changing threat landscape will be the job of a safety review board consisting of experts in the field.