We are currently migrating to a new member platform that will require occasional outages of the login system and mean that you may be unable to login or access member-protected files and pages today. Completion of the migration is expected this afternoon.

Security and Resilience (Cyber and Physical)

Biden signs cybersecurity executive order focused on securing federal networks

President Joseph Biden on May 12 signed a cybersecurity executive order (EO) that focuses on securing federal networks and establishes a new government entity modeled after the National Transportation Safety Review Board to review major breaches.

Along with establishing a cybersecurity safety review board, a White House fact sheet notes that the EO will:

  • Remove barriers to threat information sharing between government and the private sector
  • Modernize and implement stronger cybersecurity standards in the federal government
  • Improve software supply chain security
  • Create a standard playbook for responding to cyber incidents
  • Improve detection of cybersecurity incidents on federal government networks; and
  • Improve investigative and remediation capabilities

“Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals,” the fact sheet states. “These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents,” the White House said.

The Colonial Pipeline incident “is a reminder that federal action alone is not enough. Much of our domestic critical infrastructure is owned and operated by the private sector, and those private sector companies make their own determination regarding cybersecurity investments. We encourage private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents,” the White House fact sheet said.

Colonial Pipeline was a recent victim of a cybersecurity attack involving ransomware.  Colonial Pipeline initiated the restart of pipeline operations at approximately 5 p.m. ET on Wednesday, May 12. “Since that time, we have returned the system to normal operations, delivering millions of gallons per hour to the markets we serve,” it said in a May 15 tweet.

The EO is available here.