President Joe Biden signed an executive order to modernize the nation's cybersecurity infrastructure and develop a concrete cyber incident response plan.
"Today, the cost of insecure technology is borne at the end by the victims in incident response — in incident response and cleanup, and small businesses, schools, hospitals, and local governments bear the brunt of these costs," a senior administration official said in a May 12 press briefing.
The executive order will address cybersecurity in four ways:
1. Protect federal networks.
The SolarWinds data breach demonstrated that the most basic cybersecurity prevention and response measures were not systemically rolled out across federal agencies. The executive order will roll out a set of high-impact cyber defenses that make it harder for malicious actors to compromise and operate on a hacked network.
2. Improve the security of commercial software.
Commercial software will be modernized in three ways. First, baseline security requirements will be established. Second, federal money will be used to jumpstart the market for secure software by requiring that all software meet these standards in nine months. Third, a response outline will be developed so that the federal government is in a position to respond quickly.
3. Address barriers to information sharing.
Federal agencies cannot defend what they cannot see, the official said. IT providers who sell to the government are required to report breaches rapidly and share cyber threat information, which the government will share with Americans.
4. Establish a Cyber Incident Review Board.
The board will convene following a significant cyber incident and make concrete recommendations for improving cybersecurity moving forward. The board will have a private sector co-chair, reflecting the administration's focus on partnering with the private sector on cybersecurity.