Cybersecurity

Biden prepping cybersecurity executive order in response to SolarWinds attack

President Biden is preparing a cybersecurity executive order focused on helping the country protect itself from future cyberattacks following the sophisticated SolarWinds hack that was discovered in December.

The order, as it is written now, includes a spate of requirements that companies who conduct business with the government will be instructed to follow, according to NPR.

“So essentially, federal government procurement allows us to say, if you’re doing business with the federal government, here’s a set of things you need to comply with in order to do business with us,” Anne Nueberger, the deputy national security adviser for cyber and emerging technology at the White House, told NPR.

The SolarWinds attack, believed to be perpetrated by Russian hackers, was discovered last year. The hackers exploited software from the IT group SolarWinds, which helped them gain access to as many as 18,000 customers. A smaller number of the customers’ systems, however, were compromised by follow-on activity.

As a result, nine federal agencies and 100 private-sector groups were compromised during the months-long operation.

Biden announced sanctions on Russia earlier this month in response to the hack, among other concerns. The administration issued a formal attribution that named Russia’s Foreign Intelligence Service (SVR) as the culprit behind the cyberattack.

Specifically, the order lays out standards for software development and initiatives to expand systematic investigations that look into cyber events, NPR reported.

According to NPR, the order is centered on the idea that changes in the federal contracting process will “trickle down” reforms to the remainder of the private sector.

Nueberger told NPR that the executive order will “set the goal, give it a timeline and then establish the process to work out the details” on a number of cybersecurity plans, from establishing new ways to look into cyberattacks to creating standards for software.

Nueberger added that the administration performed a “detailed” study of SolarWinds, which revealed that there is “major work” to be done to “modernize our cybersecurity” and to “reduce the risk of this happening again.” She said the looming executive order is “a big part of that.”

The administration has been teasing “close to a dozen” action items on cybersecurity since March.

A senior Department of Homeland Security official told reporters during a phone call in March that the department is continuing “to work urgently to make the investments necessary, and the administration is working on close to a dozen actions for an upcoming executive order.”

Additionally, the administration last week kicked off a 100-day plan aimed at protecting the nation’s power grid against cyberattacks.

Updated: 5:12 p.m.