On Wednesday, President Joe Biden signed an executive order aimed at modernizing the federal government's approach to cyberattacks by improving intelligence exchange between the US government and the private sector on cyber challenges, improving monitoring of hacking into federal infrastructure, and developing a “standardized playbook” for how the government reacts to attacks.
Amid concerns that the United States is not well equipped to defend its networks from cyberattacks such as the ransomware assault on the Colonial Pipeline, the directive aims to prepare the federal government to counter possible security breaches.
Although it eliminates obstacles to the private sector sharing information about hacks with the federal government, it stops short of requiring businesses like Colonial Pipeline to share information. On a call with the media, a senior administration official explained that the federal government would want private businesses that do business with it to share information about hacking.
Officials said that they are making the best use of the authority and have mandated that everyone doing business with the US government share incidents with it, so that the knowledge can be used to better protect Americans.
The official further said that the executive order is about, first, taking the requisite precautions to avoid cyber intrusions in the first place and, second, ensuring readiness to respond quickly to security breaches as they occur.
According to the official, the Biden administration has been focusing on this since its second week, and it is intended to help address hacks similar to the one that struck the Colonial Pipeline.
Officials further asserted that the Colonial hack was a typical IT incident and that this order would strengthen the security of IT applications.
According to the official, the directive requires any applications purchased by the federal government to meet security requirements within nine months. Additionally, it establishes a pilot programme to produce a label so that the government – and the general public – may easily determine whether software was built securely.
The official said that they are trying to increase awareness of software protection, just as New York City increased visibility and cleanliness at restaurants by requiring them to display basic cleanliness ratings such as A, B, C, or D.