On Wednesday, President Joe Biden signed an executive order enacting new policies aimed at improving national cybersecurity.
The executive order follows a string of recent cybersecurity disasters, including last week’s ransomware attack on the Colonial Pipeline, Microsoft Exchange server vulnerabilities that may have affected more than 60,000 organizations, and the SolarWinds hack that compromised nine federal agencies late last year — all of which were specifically mentioned by the White House.
The executive order outlines a number of initiatives, including lowering barriers to information sharing between the government and the private sector, mandating the deployment of multi-factor authentication in the federal government, establishing a Cybersecurity Safety Review Board modeled after the National Transportation Safety Board, and developing a standardized playbook for responding to “cybersecurity incidents.”
The White House’s fact sheet on all of the initiatives can be found here.
In recent months, we’ve seen example after example of major IT systems failing, whether that meant a massive effort like the email server hack by the state-sponsored Chinese hacking group Hafnium (the White House promised a “whole of government response” to that one), a ransomware attack that forced public schools to cancel classes, or even a pair of breakdowns that appear to have been caused by the same person.
The policies outlined in Wednesday’s executive order could help build critical infrastructure to prevent future cybersecurity disasters or, at the very least, limit the fallout.