President Joe Biden has signed an executive order to protect federal networks from cyber threats and improve U.S. cybersecurity in response to recent hacks involving SolarWinds, Microsoft Exchange and Colonial Pipeline.
The order will eliminate barriers to sharing of threat information between the government and the private sector, modernize federal cybersecurity standards, improve software supply chain security, create a cyber safety review board, develop a standard playbook for cyber incident response, improve detection of cyber incidents on government networks and enhance investigative and remediation capabilities, the White House said Wednesday.
The order requires the director of the Office of Management and Budget to review the Federal Acquisition Regulation and the Defense Federal Acquisition Regulation Supplement language and requirements for contracting with information technology and operational technology service providers within 60 days.
The OMB director should also recommend updates to such requirements to ensure that OT and IT service providers gather and preserve data related to the detection, response and prevention of cyber incidents and share information with agencies.
Heads of federal agencies should come up with a plan to implement zero trust architecture and update existing plans to prioritize resources for the use of cloud technology within two months.
The new policy also requires the director of the National Institute of Standards and Technology to develop baseline security standards to improve the security of the software supply chain and launch pilot programs to raise awareness of software development practices and security capabilities of internet of things devices.