November 24, 2024
Biden Directs Federal Cybersecurity Overhaul
Executive Order Follows Colonial Pipeline Attack
In response to the ransomware attack on Colonial Pipeline, President Biden ordered a number of new mandates for CISA to improve cybersecurity preparedness.

In response to last week’s ransomware attack against Colonial Pipeline, President Biden on Wednesday issued an executive order aiming to improve cybersecurity preparedness in both the public and private sectors.

The hack — which the FBI has attributed to the Eastern European criminal organization DarkSide — led Colonial to shut down its entire 5,500 miles of pipeline last Friday in order to contain the threat. (See Glick Calls for Pipeline Cyber Standards After Colonial Attack.) As of Thursday the company reported that the entire network had been restored to service and was supplying product to all of its markets, though Colonial warned that “it will take several days … to return to normal” and intermittent disruptions may still occur during that time.

Federal Cybersecurity
A tank farm operated by Colonial Pipeline. Last week’s ransomware attack on the company led to the shutdown of its entire 5,500 miles of pipe that supplies nearly half of the U.S. East Coast’s supply of gasoline, diesel, jet fuel and other petroleum products. | Colonial Pipeline

The idea that a crippling cyberattack against an element of U.S. critical infrastructure could be perpetrated by a gang of self-described politically neutral criminals rather than a rival state like Russia or China serves as a reminder that the nation-sponsored offensives that have gained the most headlines in recent years are not the only threats out there. Earlier this week several cybersecurity experts told ERO Insider that the U.S. needs a “more formal national security posture” that treats all cyberattacks as dangers to national security and creates a strong central role for the federal government. (See Experts Call for Cyber Shift in Response to Colonial Hack.)

Leading Role for Government

Biden’s order is not the comprehensive overhaul that some might like to see, but it reflects the seriousness with which the administration is treating the Colonial crisis. Most of the mandates are directed at federal agencies and their contractors — over which the executive branch has the most direct control — and include measures to modernize cybersecurity across the federal government, streamline the sharing of threat information between contractors and federal investigative agencies, and “create a standard playbook for responding to cyber incidents.”

The order creates a number of new mandates for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA); Biden announced last month that he will nominate Jen Easterly, formerly of Morgan Stanley, to head the agency. (See Biden to Name Morgan Stanley’s Easterly as CISA Head.) CISA’s responsibilities under the directive include reviewing federal agencies’ current cybersecurity requirements, developing future security strategies, and receiving reports of cyber vulnerabilities and incidents from government contractors.

Along with ensuring federal preparedness, the order is also intended, according to a fact sheet from the White House, to “encourage private companies to follow the federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.”

It includes a cybersecurity safety review board led by public- and private-sector officials to investigate incidents and make recommendations for improvements, as well as a pilot for a software supply chain security labeling scheme that consumers can use to judge the safety of software products at a glance. The latter initiative builds on previous actions by both Biden and his predecessor to address cyber vulnerabilities in the hardware and software supply chains. (See Biden Targets Energy Sector in Supply Chain Order.)

NERC Pledges to Help in Cyber Fight

In a statement, NERC said it welcomed the order and looked forward to working with the public and private sectors to “address the marked increase in cyber and physical security threats.” Manny Cancel, senior vice president at NERC and CEO of the Electricity Information Sharing and Analysis Center (E-ISAC), praised its information-sharing provisions as particularly complementary to his organization’s mission.

“The E-ISAC relies heavily on intelligence provided by government agencies, industry partners and the insight gained through voluntary information sharing from our asset owners and operators,” Cancel said. “Cooperation and collaboration are fundamental aspects of our ability to share timely and actionable information with members and partners required to mitigate their exposure to these threats.”

FERC & Federal

Leave a Reply

Your email address will not be published. Required fields are marked *