Biden cybersecurity order mandates new rules for govt software

2 minute read
Register now for FREE unlimited access to

WASHINGTON, May 12 (Reuters) - President Joe Biden on Wednesday ordered the creation of an air accident-style cyber review board and the imposition of new software standards for government agencies following a spate of digital intrusions that have rattled the United States.

The executive order's initiatives include the creation of a organization that would investigate major hacks along the lines of National Transportation Safety Board inquiries that are launched after plane crashes. They also include the imposition of new security standards for software bought by government agencies - a requirement first reported by Reuters in March. read more

The order follows a digital extortion attempt against major fuel transport company Colonial Pipeline that triggering panic buying and fuel shortages in the southeastern United States. read more

Register now for FREE unlimited access to

Some recommendations were clearly aimed at avoiding a repeat of the hack of Texas software company SolarWinds, (SWI.N) whose software was hijacked to break into government agencies and steal thousands of officials' emails. read more

The software rules - which are due to be drawn up by the U.S. National Institute of Standards and Technology - were among the most important parts of the order, said Kiersten Todt, the managing director of the Cyber Readiness Institute, which is geared toward helping protect small- and medium-sized businesses.

"It's using the government's buying power to improve the security of software," Todt said, saying that if drafted correctly, the rules "will be a game changer in security."

Other rules imposed by the order mandate the use of multi-factor authentication - effectively a second failsafe password - and the use of encryption both for stored data and communications.

The order follows an series of dramatic or damaging hacks against American interests. Beyond the digital ransom demand imposed on Colonial - which sources told Reuters the company did not intend to pay - and the SolarWinds-linked compromises, foreign hackers have also used vulnerabilities in software made by Microsoft (MSFT.O) and Ivanti to extract data from U.S. government targets.

Senator Mark Warner, a Democrat who chairs the Senate Intelligence Committee, said the executive order is a good first step but the United States "is simply not prepared to fend off state-sponsored or criminal hackers intent on compromising our systems for profit or espionage."

"Congress is going to have to step up and do more to address our cyber vulnerabilities," he said.

Register now for FREE unlimited access to
Reporting by Chris Bing and Nandita Bose in Washington; Editing by Leslie Adler

Our Standards: The Thomson Reuters Trust Principles.

Thomson Reuters

Award-winning reporter covering the intersection between technology and national security with a focus on how the evolving cybersecurity landscape affects government and business.