Following major cybersecurity disasters, the US strengthens defenses

President Biden signs a new executive order to modernize the country's protection against malware attacks and hacks

Cybersecurity in the US is about to receive a boostA new executive order should greatly increase the cybersecurity level of government organizations

On Wednesday, May 12, 2021, the White House has released “Executive Order on Improving the Nation’s Cybersecurity”.[1] It's 34 pages long and is created to upgrade the cybersecurity of federal institutions and their infrastructure,[2] improve communication between law enforcement agencies and service providers, create a standardized playbook on how law enforcement institutions should react to cyberattacks, and many other helpful actions.

Biden's administration issued the new executive order a week after a major cyberattack has shutdown the biggest pipeline in the US, beginning a gas shortage in the country's Southeast region. Biden's signed order should prevent such attacks in the future.

One senior administration official has commented on the new executive order:

Today’s executive orders makes a downpayment towards modernizing our cyber defenses and safeguarding many of the services on which we rely. It reflects a fundamental shift in our mindset from incident response to prevention

New policies should increase the country's cybersecurity posture

Changes in the cybersecurity of the US organizations and policies were a must to deal with the ever-growing attacks on residents, companies, and various institutions. The new order should implement new security techniques to help avoid cyberattacks and ensure that law enforcement and other agencies act swiftly in response.

As the same spokesman commented:

This executive order is about taking the steps necessary to prevent cyber intrusions from happening in the first place and second, insuring we're well positioned to respond rapidly to address incidents when they do occur.

Since the whole document consists of 34 pages, here's a brief summary of all most important aspects:

  • IT (information technology) providers will be obligated to share information about any security breaches, no matter if their contracts state otherwise.
  • Federal Government will move to secure cloud services and zero-trust architecture.[3] Data will be encrypted and multifactor authentication security implemented.
  • The invention of software development standard. The new “energy star” type of label would be given to securely developed software that would be available to the government and general public.
  • Establishment of Cybersecurity Safety Review Board consisting of the private sector and government agencies that would analyze cyberattacks and provide recommendations for preventing them.
  • Creation of a standard playbook and a set of definitions for responding to cyber incidents.

The strategy follows a series of cyberattacks on government and private networks

Companies, people, and institutions of the US have always been the favorite target of various cybercriminals and nation-state actors. Within a few years, major corporations and government agencies have suffered from various attacks, crippling their businesses and endangering citizens and the institutions themselves.

One of the most notable attacks happened last year. More than 40 organizations were hacked, but only a few have admitted it, including the US Department of Commerce and Energy and a cybersecurity company FireEye. The whole attack is called SolarWinds[4] because the hack was initiated by contaminating this companies software updates and sending them to its customers.

Another hack just a week ago was aimed at Colonial Pipeline, the largest one in the US. The ransomware attack resulted in a gas shortage in a few states, with Atlanta, Florida, and North Carolina being affected the most. Although city officials reassure residents that there's enough fuel for everyone, non-essential travels should be limited.[5]

Because of the pipeline shutdown, Southeast region residents began to panic buy gasoline, with some of them even pouring the fuel into plastic bags. We surely hope that with the implementation of the “Executive Order on Improving the Nation’s Cybersecurity,” US residents and companies can not only feel but be safer.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions

References