On May 12, President Joe Biden signed an Executive Order to improve the nation’s cybersecurity and protect federal government networks. Long in the works, the EO was released in the wake of multiple, serious cyber attacks on the nation, following most closely the ransomware attack on Colonial Pipeline that slowed fuel deliveries along the East Coast. “These incidents share commonalities, including insufficient cybersecurity defenses that leave public and private sector entities more vulnerable to incidents,” the White House said.

The EO is intended to help modernize cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector, and strengthening the United States’ ability to respond to incidents when they occur. However, the White House acknowledges that the EO applies only to federal agencies and that additional action is needed to protect critical infrastructure owned and operated by the private sector. Through the EO, the President encouraged private sector companies to take ambitious steps to augment and align cybersecurity investments with the goal of minimizing future incidents.

According to a fact sheet issued by the White House, the EO will:

  • Remove Barriers to Threat Information Sharing Between Government and the Private Sector
  • Modernize and Implement Stronger Cybersecurity Standards in the Federal Government
  • Improve Software Supply Chain Security
  • Establish a Cybersecurity Safety Review Board
  • Create a Standard Playbook for Responding to Cyber Incidents
  • Improve Detection of Cybersecurity Incidents on Federal Government Networks
  • Improve Investigative and Remediation Capabilities

What do the experts say?

Wiley: Biden’s Cyber EO Aims to Improve Federal Security and Move Private Sector

On May 12, 2021, President Biden issued the long-expected Executive Order on Improving the Nation’s Cybersecurity. The EO comes amidst a series of high-profile cyber-attacks on the Nation and its critical infrastructure, Information and Communications Technology (ICT) supply chain providers, and federal contractors, adding a heightened sense of urgency behind its implementation. In the related Fact Sheet the White House notes that “[r]ecent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline incident are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.”

Steptoe: New Executive Order on Cybersecurity Promises Major Changes Ahead for Government Contractors … and Beyond

On May 12, 2021, President Biden signed a landmark Executive Order to improve and modernize the federal government’s cybersecurity infrastructure. The Executive Order comes in the wake of numerous cyber incidents targeting the United States, including the so-called SolarWinds, Microsoft Exchange, and Colonial Pipeline incidents. The Executive Order will directly affect government contractors, including companies that sell software to the government or provide IT services. More broadly, but less directly, the Executive Order is likely to influence the informal, and eventually formal, development of cybersecurity standards for software and hardware makers and providers of online services generally, even when the government is not a customer.

Baker Donelson: Biden Administration Signals Dramatic Shift in Focus to Confront Cyber Concerns In Government Contracting

In a paradigm shift for cybersecurity, President Biden signed an ambitious Executive Order on May 12 to address the increasingly sophisticated threats by malicious cyber actors to the nation’s software supply chains and federal information systems. The Executive Order on Improving the Nation’s Cybersecurity seeks to modernize federal government cybersecurity, improve information sharing between federal agencies and the private sector, and enhance the nation’s resiliency to cyber-attacks. While the Order primarily focuses on concrete steps the federal government must take to adopt cybersecurity best practices, there are several provisions that will also significantly impact government contractors, subcontractors and other private sector entities. These changes come at a critical time for such organizations, especially those that are diligently working to meet CMMC requirements.

PilieroMazza: 8 Key Takeaways from Executive Order on Improving the Nation’s Cybersecurity for Government Contractors

On May 12, 2021, the Biden administration released a far-reaching executive order intended to improve the U.S. government’s cybersecurity posture, both internally and in any private information technology systems that “touch” federal IT systems. The executive order is available here, and a related fact sheet is available here. This executive order will work in tandem with existing initiatives, such as the Cybersecurity Maturity Model Certification, the Federal Risk and Authorization Management Program, and National Institute of Standards and Technology (NIST) publications. Notably, and unlike CMMC, the executive order is concerned more with improving the entire government’s IT systems to protect all information residing on those systems, and less with scaling protections based on types of information residing on contractor systems. If your contracts require you to access any government systems using your own internal IT systems or if you develop software for or on behalf of the government, this executive order will likely impact you.

Read our coverage of EO 14028 and additional commentary from our law firm partners at this link (note: some articles may remain behind our paywall).
