Biden signs executive order aimed at shoring up US cybersecurity

The action comes amid concern that a recent cyberattack could create fuel shortages on the East Coast.

Steven Musil Night Editor / News

President Joe Biden signed an executive order Wednesday aimed at improving US cybersecurity defenses, an action that follows a string of cyberattacks on the federal government and private companies.

The action comes amid a crippling ransomware attack that forced the shutdown of a major US petroleum pipeline last week, leading to concern of widespread gas shortages along the East Coast. The attack, blamed on a hacker group known as the Darkside, reignited concerns about the vulnerability of critical infrastructure.

The executive order doesn't specifically mention the affected oil-and-gas infrastructure, but the White House pointed to the attack as an example of the need to do more to protect critical infrastructure.

"The Colonial Pipeline incident is a reminder that federal action alone is not enough," the White House said in a statement calling on private companies to "follow the federal government's lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents."

The 34-page executive order outlines a number of steps aimed at shoring up the nation's cybersecurity. It includes a call for the removal of contractual barriers to reporting federal agency breaches, the reporting of severe cyberattacks within three days, the establishment of a Cybersecurity Safety Review Board to investigate significant incidents, the creation of baseline security standards for development of software sold to the government, and the creation of a standardized playbook and set of definitions for government response to cyberattacks.

The executive order was announced after Colonial said it would resume pipeline operations on Wednesday, though the pipeline operator cautioned that markets disrupted by the closure may take days to return to normal.

"Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal," Colonial said Wednesday in a statement, which also thanked the Biden administration for its "leadership and collaboration."

While the action emerges against the backdrop of the Colonial crisis, work on the order began in the wake of last year's SolarWinds hack, which used tainted software from the IT management company to penetrate multiple US federal agencies and at least 100 private companies.

The Biden administration formally attributed the hack to Russia's Foreign Intelligence Service, or SVR. Russia has denied involvement in the hack.

The Biden administration said Thursday that it planned to launch a task force aimed at cracking down on hackers who use ransomware, after it was reported Colonial paid nearly $5 million to the hackers last week. Colonial paid the steep ransom within hours after the attack and was given a "decrypting tool to restore its disabled computer network," according to Bloomberg.

"Our Justice Department has launched a new task force dedicated to prosecuting ransomware hackers to the full extent of the law," Biden said in prepared remarks. He also said in a briefing that the FBI doesn't believe the Russian government was involved in the attack on Colonial. 

The Colonial pipeline shutdown increased concern about the use of cyberattacks to cripple key infrastructure. In ransomware schemes like the one used on Colonial, attackers use code to seize control of a computer system and then demand money to unlock it. The worldwide WannaCry ransomware attacks in 2017, for instance, locked up computer systems at hospitals, banks and phone companies. City governments in the US, including Baltimore's, have also been hobbled by ransomware assaults.