Biden’s broad executive order, which the administration has been working on for months, seeks to better equip federal agencies with cybersecurity tools and also encourages improvements in cybersecurity standards across the private sector.
The White House said in a fact sheet that the latest incident with the Colonial Pipeline is “a reminder that federal action alone is not enough” and that the private sector, which makes its own decisions regarding cybersecurity investments, owns and operates much of the United States’ critical infrastructure.
“We encourage private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents,” the White House said, while noting other past incidents such as with SolarWinds and Microsoft Exchange.
The 5,500-mile pipeline network carries gasoline and diesel from refineries in Texas and supplies about 45 percent of the fuel on the U.S. East Coast.
Atlanta-based Colonial restarted operations Wednesday afternoon after having temporarily shut down on May 7 following a ransomware attack by hackers who disabled some internal computer systems and demanded a ransom to release them.
The hackers didn’t take control of the pipeline operations but Colonial shut the pipeline down to contain the damage. The FBI on May 10 confirmed that the DarkSide cybercriminal ring was behind the attack. The shutdown triggered fuel shortages and increased gasoline prices across multiple U.S. states.
Biden’s cybersecurity order requires that software companies contracted by the government meet certain cybersecurity standards. They will also have to report about any of their their own security breaches, and the order will remove any contractual barriers to doing so.