Biden Signs Cybersecurity Executive Order After Pipeline Attack

Biden Signs Cybersecurity Executive Order After Pipeline Attack president joe biden signs a stack of executive orders in the oval office President Joe Biden (Evan Vucci/AP)

Christopher Bing and Nandita Bose Wednesday, 12 May 2021 08:34 PM

President Joe Biden signed an executive order Wednesday that advances federal cybersecurity capabilities and encourages improvements in digital security standards across the private sector which has been hit by a spate of cyber attacks.

The executive order establishes a series of initiatives designed to better equip federal agencies with cybersecurity tools.

It follows a cyberattack against the Colonial Pipeline that caused some internal computer systems to be disabled with ransomware. This led Colonial to shut the pipeline, triggering fuel shortages and panic buying in the southeastern United States.

Atlanta-based Colonial said Wednesday it "initiated the restart of pipeline operations at 5 p.m. ET."

The order also requires software companies selling to the government maintain certain cybersecurity standards in their products and report whether they themselves have been compromised by hackers. The requirement was first reported by Reuters in March.

A senior administration official described the executive order as having a "very significant" impact on the government's ability to detect and respond to hacking incidents.

"It reflects a fundamental shift in our mindset from incident response to prevention, from talking about security to doing security, setting aggressive but achievable goals," the official said.

The pipeline cyberattack is the latest in a string of cyber incidents against U.S. companies and government agencies over the last six months.

In December, a Russian supply-chain hacking operation became public which burrowed into nine federal agencies. More recently, the government has been investigating a different hacking campaign with ties to China that affected five civilian agencies.

"It's hard to learn from each incident and ensure that broadly government and companies have information to protect themselves," said the official.

"So, we have pushed the authority as far as we could and said anybody doing business with the U.S. government will have to share incidents, so that we can use that information to protect Americans."

Sen. Mark Warner, D-Va., who chairs the Senate Intelligence Committee, said the executive order is a good first step but the United States "is simply not prepared to fend off state-sponsored or criminal hackers intent on compromising our systems for profit or espionage."

"Congress is going to have to step up and do more to address our cyber vulnerabilities," he said.