Biden Signs Executive Order to Strengthen US Cybersecurity Defenses After Colonial Pipeline Hack

  • President Joe Biden's executive order comes as Colonial Pipeline continues to grapple with a crippling ransomware attack.
  • The attack has led to widespread fuel shortages along the East Coast and prompted an "all-of-government response" from the Biden administration.
  • Last year, software from the IT company SolarWinds was breached. Hackers gained access to communications and data in several government agencies.

President Joe Biden signed an executive order Wednesday aimed at strengthening U.S. cybersecurity defenses, a move that follows a series of sweeping cyberattacks on private companies and federal government networks over the past year.

The action comes as Colonial Pipeline continues to grapple with a crippling ransomware attack, which has led to widespread fuel shortages along the East Coast and prompted an all-of-government response.

The Colonial Pipeline hack is only the latest example of criminal groups or state actors exploiting U.S. cyber vulnerabilities. Last year, software from the IT company SolarWinds was breached, allowing hackers to gain access to communications and data in several government agencies.

The president's executive order calls for the federal government and private sector to partner to confront "persistent and increasingly sophisticated malicious cyber campaigns" that threaten U.S. security.

Biden's executive order takes a number of steps aimed at modernizing the nation's cybersecurity:

  • Requires IT service providers to tell the government about cybersecurity breaches that could impact U.S. networks, and removes certain contractual barriers that might stop providers from flagging breaches.
  • Creates a standardized playbook and set of definitions for federal responses to cyber incidents.
  • Pushes the federal government toward upgrading to secure cloud services and other cyber infrastructure, and mandates deployment of multifactor authentication and encryption within a specific time period.
  • Improves security of software sold to the government, including by making developers share certain security data publicly.
  • Establishes a "Cybersecurity Safety Review Board" comprising public- and private-sector officials, which can convene after cyber attacks to analyze the situation and make recommendations.
  • Improves info-sharing within the federal government by enacting a government-wide endpoint detection and response system.

News of the president's action came about an hour after Colonial announced it had restarted pipeline operations — though it will be days before fuel deliveries return to normal, the company said in a press release.

"Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal," said the statement, which also thanked the Biden administration "for their leadership and collaboration."

Biden Energy Secretary Jennifer Granholm first shared the update in a tweet after a phone call with Colonial CEO Tim Felt.

At the White House earlier Wednesday afternoon, President Joe Biden hinted his administration would soon have "good news" to share about its efforts to address the attack on Colonial.

The White House said Tuesday it was directing a "comprehensive federal response" aimed at restoring and securing U.S. energy supply chains in response to the incident.

On May 7, Colonial Pipeline paused its operations and notified federal agencies that it had fallen victim to a ransomware attack.

The assault, carried out by the criminal cyber group known as DarkSide, forced the company to shut down approximately 5,500 miles of pipeline, leading to a disruption of nearly half of the East Coast's fuel supply.

Logan Cyrus | AFP | Getty Images
An "Out Of Service" bag covers a gas pump as cars continue to line up for the chance to fill their gas tanks at a Circle K near uptown Charlotte, North Carolina, on May 11, 2021, following a ransomware attack that shut down the Colonial Pipeline.

Ransomware attacks involve malware that encrypts files on a device or network, rendering the system inoperable. Criminals behind these types of cyberattacks typically demand a ransom in exchange for the release of data.

Foreign governments have also been accused of launching cyberattacks to conduct espionage and sabotage.

In April, Washington formally held Russia's Foreign Intelligence Service responsible for carrying out the SolarWinds cyberattack. Microsoft President Brad Smith described the cyberattack as "the largest and most sophisticated attack the world has ever seen." Microsoft's systems were also infected with malicious software.

The Russian government denies all allegations that it was behind the SolarWinds hack.

CNBC's Kevin Breuninger reported from New York.

Copyright CNBC