Biden indicators govt order to strengthen cybersecurity after Colonial Pipeline hack

0
144

US President Joe Biden will speak on May 12, 2021 in the Eisenhower Executive Office Building in Washington, DC, on the COVID-19 response and the ongoing vaccination program.

Drew Angerer | Getty Images

WASHINGTON – President Joe Biden signed an executive order to strengthen US cybersecurity defenses on Wednesday. This step follows a series of extensive cyber attacks on private companies and networks of the federal government in the past year.

The action comes because the Colonial Pipeline continues to grapple with a crippling ransomware attack that created widespread fuel shortages on the east coast and sparked an entire government response.

The Colonial Pipeline hack is just the latest example of criminal groups or state actors exploiting US cyber vulnerabilities. Last year, software from IT company SolarWinds was breached, allowing hackers to access communications and data in multiple government agencies.

The President’s Executive Order calls on the federal government and the private sector to join forces to counter “persistent and increasingly sophisticated malicious cyber campaigns” that threaten US security.

Biden’s Executive Ordinance takes a number of steps to modernize the country’s cybersecurity:

  • Urges IT service providers to notify the government of cybersecurity violations that could affect U.S. networks and removes certain contractual barriers that could prevent providers from reporting violations.
  • Creates a standardized playbook and a series of definitions for the reactions of the federal government to cyber incidents.
  • Is the federal government pushing for an upgrade to secure cloud services and other cyber infrastructures and prescribing the provision of multi-factor authentication and encryption for a certain period of time.
  • Improves the security of software sold to the government by allowing developers to publicly share certain security data.
  • Establish a “Cybersecurity Safety Review Board” made up of public and private sector officials who can meet after cyberattacks to analyze the situation and make recommendations.
  • Improves the exchange of information within the federal government by introducing a government-wide endpoint detection and response system.

News of the president’s action came about an hour after Colonial announced it had resumed pipeline operations – although it will take days for fuel deliveries to return to normal, the company said in a press release.

“Colonial will move as much gasoline, diesel and jet fuel as possible and will continue to do so until the markets normalize again,” the statement said, in which the Biden government thanked “for its leadership and cooperation”.

Biden Energy Minister Jennifer Granholm first shared the update in a tweet after a phone call with Tim Felt, Colonial CEO.

On Wednesday afternoon at the White House, President Joe Biden hinted that his administration would soon have “good news” of its efforts to counter the attack on Colonial.

The White House said Tuesday it had led a “comprehensive federal response” aimed at restoring and securing US energy supply chains in response to the incident.

On May 7, the Colonial Pipeline ceased operations and notified federal authorities that it had been the victim of a ransomware attack.

The attack, carried out by criminal cyber group DarkSide, forced the company to shut down about 5,500 miles of pipeline, cutting off half of the east coast’s fuel supplies.

An “out of order” bag covers a gas pump while cars line up at a Circle K near Uptown Charlotte, North Carolina on May 11, 2021 following a ransomware attack that shut down the Colonial Pipeline to fill their gas tanks.

Logan Cyrus | AFP | Getty Images

Ransomware attacks are malware that encrypts files on a device or network and causes the system to become inoperable. Criminals behind such cyber attacks usually demand a ransom in return for releasing data.

Foreign governments have also been accused of launching cyber attacks designed to carry out espionage and sabotage.

In April, Washington officially made the Russian foreign intelligence service responsible for carrying out the SolarWinds cyberattack. Microsoft President Brad Smith described the cyberattack as “the largest and most sophisticated attack the world has ever seen”. Microsoft’s systems were also infected with malicious software.

The Russian government denies all allegations behind the SolarWinds hack.

CNBC’s Kevin Breuninger reported from New York.