US President Joe Biden signed an executive order Wednesday in the wake of a ransomware attack on a major US pipeline “to improve the nation’s cybersecurity and protect federal government networks.”
The executive order seeks to improve the security of software by “establishing baseline security standards for [the] development of software sold to the government,” including mandatory hack disclosure, multi-factor authentication, and data encryption. It also creates a Cybersecurity Safety Review Board charged with investigating cyberattacks and making “concrete recommendations” for improved security. The board will be modeled after the National Transportation Safety Board.
Recognizing that federal action alone is “not enough,” the order also calls on private sector companies to “take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.”
The move follows the Colonial Pipeline stopping all pipeline operations on Saturday following a targeted cybersecurity attack. The pipeline—one of the largest in the US at over 5,500 miles long—transports nearly three million barrels of fuel daily from Houston, Texas, up the Atlantic Coast to New York. Several state governors cautioned against panic buying and declared emergencies due to gas shortages. Georgia Governor Brian Kemp declared a State of Emergency, temporarily suspending the state’s gas tax.
By Monday, the FBI confirmed that Colonial’s corporate networks fell victim to a ransomware attack by hacking group DarkSide. The US Cybersecurity and Infrastructure Security Agency defines ransomware as “an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.” After obtaining valuable data, criminal groups then hold that data hostage until the victim pays a ransom.
On Thursday, the New York Times reported that Colonial paid DarkSide “roughly 75 Bitcoin—or nearly $5 million—to recover its stolen data.” A media statement from Colonial states that it has restarted its entire pipeline system, but that it will take “several days for the product delivery supply chain to return to normal.”
Biden’s aides first drafted the executive order on infrastructure cybersecurity in December, after Russian hackers infiltrated Texas software-maker SolarWinds. A White House factsheet said such incidents “are a sobering reminder that US public and private sector entities increasingly face malicious cyber activity from both nation-state actors and cybercriminals.”