Biden cybersecurity order prompts new rules for govt software

President Joe Biden has ordered the creation of an air accident-style cyber review board and the imposition of new software standards for government agencies.

The order follows a spate of digital intrusions that have rattled the United States.

The executive order’s initiatives include the creation of a organization that would investigate major hacks along the lines of National Transportation Safety Board inquiries that are launched after plane crashes.

The order also include the imposition of new security standards for software bought by government agencies.

The order follows a digital extortion attempt against major fuel transport company Colonial Pipeline that triggered panic buying and fuel shortages in the southeastern United States.

Some recommendations were clearly aimed at avoiding a repeat of the hack of Texas software company SolarWinds, whose software was hijacked to break into government agencies and steal thousands of officials’ emails.

The software rules – which are due to be drawn up by the U.S. National Institute of Standards and Technology – were among the most important parts of the order, said Kiersten Todt, the managing director of the Cyber Readiness Institute, which is geared toward helping protect small- and medium-sized businesses.

Other rules imposed by the order mandate the use of multi-factor authentication – effectively a second failsafe password – and the use of encryption both for stored data and communications.

The order follows an series of dramatic or damaging hacks against American interests.

Beyond the digital ransom demand imposed on Colonial and the SolarWinds-linked compromises, foreign hackers have also used vulnerabilities in software made by Microsoft and Ivanti to extract data from U.S. government targets.