Biden signs order to beef up federal cyber defenses

RICHMOND, Va. — President Joe Biden signed an executive order Wednesday meant to strengthen U.S. cybersecurity defenses in response to a series of headline-grabbing hacking incidents that highlight how vulnerable the country’s public and private sectors are to high-tech spies and criminals operating from half a world away.

The order will require all federal agencies to use basic cybersecurity measures, like multi-factor authentication, and require new security standards for software makers that contract with the federal government. Officials are hoping to leverage the federal government’s massive spending power to improve security across all types of software.

The order comes as the administration has been grappling with its response to a massive breach by Russia of federal agencies and ransomware attacks on private corporations.

Hit by a cyberattack, the operator of a major U.S. fuel pipeline was forced to shut down service that is currently causing gas shortages throughout the Southeast. And the U.S. sanctioned the Kremlin last month for a hack of federal government agencies, known as the SolarWinds breach, that officials have linked to a Russian intelligence unit and characterized as an intelligence-gathering operation.

The order also creates a pilot program to develop a rating system, similar to how New York City requires restaurants to display letter grades that correspond to scores received from sanitary inspections, to show whether software was developed securely.

Biden’s order would also require IT service providers that contract with the federal government to share certain information about cyber breaches, an information-sharing program that officials say will improve the county’s cybersecurity as a whole.

The order also establishes a cybersecurity safety review board that’s tasked with studying major cyber incidents and coming up with concrete recommendations. It’s modeled after the National Transportation Safety Board. As a nod to how influential the private sector is in cybersecurity, the new board will be co-chaired by an official from the government and another from the private sector.