President Joe Biden has signed an executive order that is intended to strengthen the country’s cybersecurity posture. To that end, the order mandates that federal agencies must implement multi-factor authentication and encryption within a 180-day time period, a move that has already received praise from the FIDO Alliance.
The introduction of multi-factor authentication is part of a greater shift toward zero-trust security protocols and cloud infrastructure at the federal level. In that regard, the executive order attempts to standardize America’s incident response procedures more generally. It asks the Commerce Department to create a clear set of standards that software providers need to meet before selling their services to the government, and asks the secretary of Homeland Security to create a new Cybersecurity Safety Review Board to investigate major events.
The Review Board will include representatives from the public and private sector, and will meet whenever a cybersecurity incident occurs. Their goal will be to figure out what happened, and to come up with policy recommendations to prevent and/or mitigate similar events in the future. In doing so, the Cybersecurity Board will essentially do for cyberattacks what the National Transportation Safety Board does following airplane crashes.
The executive order also seeks to improve communication between different government departments. The Biden administration specifically wants agencies (and private entities) to notify one another as soon as they become aware of a security breach, and to deploy the threat detection technology that makes such reporting possible in the first place. Agencies should create a log of events, and follow standardized incident response procedures.
“The executive order makes a significant contribution to modernize our cybersecurity—particularly federal security and software security, software we all use. But I should stress that it alone is not enough,” said a senior administration official. “This will be the first of many ambitious steps the public and private sectors must, and will, take together to safeguard our economy, security, and the services on which the American way of life relies.”
The Administration issued the executive order in the wake of the high-profile SolarWinds and Colonial Pipeline attacks. Congress is expected to support the order with laws that further strengthen the country’s cybersecurity capabilities.
May 18, 2021 – by Eric Weiss