Biden Signs Cybersecurity Executive Order After Colonial Pipeline Hack

Vice President Kamala Harris (L) listens as President Joe Biden speaks at the White House in Washington, on May 10, 2021. (Nicholas Kamm/AFP via Getty Images)
Mimi Nguyen Ly
5/12/2021
Updated:
5/12/2021

President Joe Biden signed an executive order that he says will improve the nation’s cybersecurity, following a hack of the computer systems linked to the Colonial Pipeline.

Biden’s broad executive order, which the administration has been working on for months, seeks to better equip federal agencies with cybersecurity tools and also encourages improvements in cybersecurity standards across the private sector.
The White House said in a fact sheet that the latest incident with the Colonial Pipeline is “a reminder that federal action alone is not enough” and that the private sector, which makes its own decisions regarding cybersecurity investments, owns and operates much of the United States’ critical infrastructure.

“We encourage private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents,” the White House said, while noting other past incidents such as with SolarWinds and Microsoft Exchange.

The 5,500-mile pipeline network carries gasoline and diesel from refineries in Texas and supplies about 45 percent of the fuel on the U.S. East Coast.

An out of service bag covers a pump handle at a gas station in Fayetteville, North Carolina, on May 12, 2021. (Sean Rayford/Getty Images)

Atlanta-based Colonial restarted operations Wednesday afternoon after having temporarily shut down on May 7 following a ransomware attack by hackers who disabled some internal computer systems and demanded a ransom to release them.

The hackers didn’t take control of the pipeline operations but Colonial shut the pipeline down to contain the damage. The FBI on May 10 confirmed that the DarkSide cybercriminal ring was behind the attack. The shutdown triggered fuel shortages and increased gasoline prices across multiple U.S. states.

Biden’s cybersecurity order requires that software companies contracted by the government meet certain cybersecurity standards. They will also have to report any of their own security breaches, and the order will remove any contractual barriers to doing so.

The order will create a test program in which software will be labeled under an “energy star” type of system so that the government and the public “can quickly determine whether software was developed securely.” The effort seeks to “use the purchasing power of the Federal Government to drive the market to build security into all software from the ground up.”

The order will also require a “zero-trust” approach to securing cloud services used by federal agencies, in part by mandating multifactor authentication and encryption within a specific time period to access such services.

Other initiatives in the order include creating standard protocols for federal departments and agencies to respond to potential future cyber incidents. The “standardized playbook” will also serve as a guide for the private sector, the White House said.

The order also creates a “Cybersecurity Safety Review Board” that will be co-chaired by government and private sector heads to convene after significant cyber incidents to analyze and make recommendations going forward. The new board is modeled after the National Transportation Safety Board, which attends to airplane crashes and other incidents.

Under the new order, a government-wide endpoint detection and response system—a cyber technology that continually monitors and responds to address cyber threats—will be enabled on federal networks. The Biden administration will also create requirements for federal departments and agencies for logging events and retaining other relevant data within an agency’s systems and networks.