President Biden signed an executive order Wednesday boosting America’s cyberdefenses following a ransomware attack on a company that operates a pipeline that provides nearly half of the gasoline and jet fuel for the country’s East Coast.
The broad order, which the administration had been working on for months, aims to strengthen cybersecurity for federal networks and outline new security standards for commercial software used by both businesses and the public.
“Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals,” the White House fact sheet says.
In a briefing with reporters Wednesday, a senior Biden administration official said that the order “reflects a fundamental shift in our mindset from incident response to prevention, from talking about security to doing security.”
According to a summary released at the same time, the order also sets standards for software that’s sold to the federal government, and tasks NIST with developing a labeling program “to educate the public on the security capabilities of Internet-of-Things (IoT) devices and software development practices,” similar to existing Energy Star labels on appliances.
How much impact the order will have is unclear without action and funding from Congress, but it does lay out some first steps. According to NBC News, an administration official told reporters that it “reflects a fundamental shift in our mindset from incident response to prevention.” In a statement, Senator Mark Warner said, “This executive order is a good first step, but executive orders can only go so far.”