A new memorandum requires cybersecurity measures at intelligence-gathering organizations to match or exceed those of federal civilian networks.
President Biden Joe Biden on Wednesday signed a memorandum to improve online security measures for the government's most sensitive computer networks.
Following an executive order signed last May, the new National Security Memorandum is intended to boost cybersecurity measures at the National Security Agency, the Department of Defense and other intelligence-gathering organizations, requiring them to match or exceed those of federal civilian networks.
The 17-page document "builds on the Biden Administration's work to protect our Nation from sophisticated malicious cyber activity, from both nation-state actors and cybercriminals," the White House said in a statement. "We are prioritizing and elevating cybersecurity like never before."
It authorizes practices common in the business world -- like including encryption, cloud technologies and multifactor authentication -- for intelligence agencies and related contractors. It also requires affected organizations to report cyberattack incidents to the NSA, described as the "national manager" for the government's classified systems, and to develop tools to securely share data between classified and unclassified systems.
The NSA has been eager to close the cybersecurity gap for nearly a decade, following the leaks of thousands of classified documents by former contractor Edward Snowden in 2013, the Wall Street Journal reported.
Last week, White House officials met with top executives from Apple, Google, Microsoft, Red Hat, Oracle and other tech companies to discuss how to improve the security of open-source software in the wake of the discovery last month of Log4Shell, a massive security flaw in the Java-logging library Apache Log4j that left tens of millions of Web-connected devices vulnerable.
While no federal agencies were compromised as a result of the Log4j flaw, Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, said it was the most serious she's seen in her career.
"We do expect Log4Shell to be used in intrusions well into the future," Easterly told reporters earlier this month.