President Joe Biden signed an implementing decree implemented new policies on Wednesday to improve national cybersecurity. The executive order follows a number of recent cybersecurity disasters, such as last week’s ransomware attack that brought down the Colonial Pipeline, the Microsoft Exchange server vulnerabilities that may have affected north of 60,000 organizations, and the SolarWinds hack which has compromised nine federal organizations. agencies late last year – each of which was specifically named by the White House in a fact sheet accompanying the order.
The executive decree outlines a number of initiatives, including reducing barriers to the sharing of information between the government and the private sector, making the use of multi-factor authentication mandatory in the federal government, setting up a Cybersecurity Safety Review Board to the National Transportation Safety Board’s model, and the creation of a standardized roadmap for responding to “cyber incidents”. You can read more about all initiatives in the White House fact sheet here.
In recent months, we’ve seen sample after sample of major IT systems failing, whether they enabled a massive effort, such as the email server hack of the state-sponsored Chinese hacking group Hafnium (the White House promised a response from the government ”on it), a ransomware attack that forced public schools to cancel classes, or even a few outages that made workers seem like they have abandoned their local water supply and messed up. The policies outlined in Wednesday’s executive decision could create critical infrastructure to help prevent future cyber security disasters – or, at the very least, better mitigate potential consequences.