President Biden on Wednesday signed an executive order intended to improve the nation’s cybersecurity in the wake of a devastating attack on a major oil pipeline.
The new moves, including orders aimed at improving information sharing between security contractors and federal agencies, follow cyberattacks that have repeatedly caught the U.S. off guard.
“The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy,” read the order from the president.
In the order, he said better security would require a bigger investment in cyberdefense and a better partnership between the government and the private sector.
The administration has faced criticism for its lack of both a defense and appropriate response to cyberattacks. The latest high-profile attack that hit Colonial Pipeline was believed to be the work of DarkSide, an Eastern European-based criminal gang with possible ties to Russia.
The order called for the government to modernize its security program and develop fully functional cloud-computing environments with zero trust architecture, which is tech speak for a system that treats all users as potential threats.
Mr. Biden set a 90-day deadline to develop the program.
The attack last week triggered the shutdown of the Colonial Pipeline, which supplies about half the fossil fuels consumed on the East Coast. The shutdown led to gasoline shortages, lines at gas stations and a spike in prices. The pipeline began operating again Wednesday after a six-day disruption.
Mr. Biden said that he was taking action.
“Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life. The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid,” he said in the order.
He said that too often the contracts for IT security at federal agencies bar the security companies from sharing information with other agencies.
A big part of the order involved changing the contracts and requiring agencies and their cybersecurity teams to share information about emerging threats, incidents and risks.
The information-sharing would involve the FBI and the Cybersecurity and Infrastructure Security Agency.
The order was applauded by Rep. Jim Langevin, Rhode Island Democrat and chairman of the Armed Services Subcommittee on Cybersecurity, Innovative Technologies, and Information Systems.
“I have long said that the federal government cannot partner with the private sector to defend the nation if it cannot defend itself. Today’s executive actions will address holes in federal network security by mandating commonsense security controls, like multi-factor authentication and encryption, that make all the difference,” he said in a statement.
He also said there was more work to do to safeguard America’s cyber networks.
“The president has outlined a bold vision for federal network defense, but we need to move quickly to extend that to the private sector critical infrastructure that remains at risk,” Mr. Langevin said.
• Ryan Lovelace contributed to this report.