Cybersecurity Executive Order from Biden, Colonial Pipeline, and Private Business
The Cybersecurity Executive Order from President Biden is very relevant today. Does the Colonial Pipeline cybersecurity incident affect your private business? It might with President Biden’s new executive order. While many executive orders have attempted to approach cybersecurity, this one might actually have legs to it. This cybersecurity executive order will affect businesses in Atlanta, GA and all over the United States.
On May 12, President Biden issued a sweeping 30-page “Executive Order on Improving the Nation’s Cybersecurity” in response to the Colonial Pipeline ransomware attack. Interestingly, it goes a step further than prior executive orders, as it extends to lessons learned from recent crises. Such crises include the SolarWinds and Microsoft Exchange compromises. In addition, this executive order (EO) can expand to private businesses by way of government contracts and cybersecurity service offerings.
Colonial Pipeline Cybersecurity Incident Is One of Several Attacks on US Private Business
Unfortunately, cybersecurity criminals are more sophisticated than ever before. As a result, both the United States government and businesses have significantly suffered from widespread security incidents. Recent incidents include:
- SolarWinds – On December 13, 2020, a SolarWinds FTP password appeared on the dark web. Consequently, the leak resulted in a supply chain hack infiltrating the SolarWinds Orion software updates with malicious code. Once this happened, the hackers gained remote access to SolarWinds client networks. Victims included both private and government entities.
- Microsoft Exchange – In late February 2021, Microsoft discovered hackers used “web shells” (small scripts) to access compromised Exchange systems. Microsoft quickly issued a Zero-Day patch. Unfortunately, the vulnerability had already existed for two months.
- Colonial Pipeline – On May 7, 2021, a ransomware attack on the pipeline operations resulted in the USA’s most extensive critical infrastructure cyber outage. The attack source is not yet known; however, it is likely a phishing email, an unpatched vulnerability, or stolen credentials.
As you can see, three major cybersecurity hacks affected both the United States government and private businesses in less than six months.
Which Government Agency is Responsible for Carrying Out the Cybersecurity Executive Order?
CISA, the Cybersecurity & Infrastructure Security Agency established by President Trump, is the government agency responsible for carrying out the executive order. As part of Homeland Security, it is responsible for leading the nation’s effort to control cybersecurity risks to the government’s critical infrastructure. With that in mind, government contracts for software create a supply chain cybersecurity threat.
On May 13, CISA Acting Director Wales issued the following statement about the EO, “This executive order will bolster our efforts to secure the federal government’s networks, including by enabling greater visibility into cybersecurity threats, advancing incident response capabilities, and driving improvements in security practices for key information technology used by federal agencies.”
Summary of the Cybersecurity Executive Order
The Cybersecurity Executive Order will have a rippling effect on businesses of all sizes. Effectively, the EO uses the federal government’s purchasing power to drive the software market to make more secure products. Moreover, much like the “energy” label, software companies will get a sealed stamp of approval from CISA if they prove their software is secure, thereby ensuring business leaders can also guard against the same threats.
However, because it is an executive order and not an act of Congress, it cannot be enforced on private businesses. So, at the end of the day, it is the software company’s choice whether to implement it or not. Yet, if the software company does want to sell to the government, it will do so. And, if it chooses to do so, it will have ultimate bragging rights of “sealed approval” products to sell to the public.
About INSI – The Best MSP in Atlanta!
INSI is the Top Managed Service Provider in Atlanta. We offer both complete IT support packages for clients with no internal IT and a la carte customized packages for small IT departments. Most importantly, we only charge the client for the exact service and level they actually need.
Interestingly, this unique support model has proven to save the client money and to greatly complement the client’s internal IT strengths. Call the Best MSP in Atlanta today at 770-387-2424, Option 2, for more information.
INSI’s Perspective on The Cybersecurity Executive Order
INSI will not express support or discontent with any government news. As an American-owned company, we have employees and clients on both sides of the aisle, and we want to be respectful of that. Therefore, this article and any similar articles in the future are nonbiased.
About the Author
Deborah Frazier is the author of IT Outsourcing Secrets – A Small Business Guide to Compare IT Support Companies. With nearly 20 years’ experience consulting small and medium-sized businesses on their IT support needs, she brings a wealth of knowledge to INSI as Head of Marketing and Sales.