President Joe Biden signed an executive order Wednesday meant to better protect the nation from cyberattacks, but even as he signed it, the White House acknowledged more will need to be done to prevent the type of hack that affected the Colonial Pipeline.
That attack, which temporarily shut down the pipeline supplying fuel to the eastern United States this week, caused gas stations to run dry and gas prices to spike as Americans flocked to the pumps in a spurt of panic buying.
Instead, officials described the order – months in the making – as an initial step toward hardening the systems and software that underpin the country’s basic functions. Going forward, Congress will need to act to require the private companies that control much of the nation’s critical infrastructure to do the same.
The order would require new standards on software used by the federal government, including adding encryption and multi-factor user verification to new technology, officials said. The requirements will need to be in place on a short timeline, some in as little as nine months. The government plans to roll out a rating system akin to restaurant health grades to rank products based on their cybersecurity.
A senior administration official likened the new requirements and labeling to purchasing a minivan with reliable ratings or building an earthquake-proof building in an area prone to seismic activity.
“The growing number and impact of incidents show us software security has to be a basic design consideration,” the official said.
The order would also create new protocols following a hack, requiring agencies and companies to share information with the federal government in the hopes of preventing the incident from spreading. A new panel, similar to the transportation board that investigates plane crashes, will be created to review cybersecurity incidents.
The order is limited to products and companies used by the federal government. But administration officials said they were hopeful the government’s vast purchasing power would spur other companies to follow suit in order to remain competitive. And many of the products used by the government – including Microsoft’s Outlook platform and Juniper’s networking products – are used widely in the private sector.