Biden signs executive order to strengthen U.S. cybersecurity defenses after Colonial Pipeline hack

U.S. President Joe Biden delivers remarks on the COVID-19 response and the ongoing vaccination program at the Eisenhower Executive Office Building on May 12, 2021 in Washington, DC.
Drew Angerer | Getty Images

WASHINGTON — President Joe Biden signed an executive order Wednesday aimed at strengthening U.S. cybersecurity defenses, a move that follows a series of sweeping cyber attacks on private companies and federal government networks, a senior administration official said.

The action comes as Colonial Pipeline continues to grapple with a crippling ransomware attack, which has led to widespread fuel shortages along the East Coast and prompted an “all-of-government response” from the Biden administration.

The Colonial Pipeline hack is only the latest example of criminal groups or state actors exploiting U.S. cyber vulnerabilities. Last year, software from the IT company SolarWinds was breached, leading to hackers gaining access to communications and data in several government agencies.

“We simply cannot let ‘waiting for the next incident to happen’ to be the status quo under which we operate,” the official told reporters on a conference call Wednesday evening.

Biden’s executive order takes a number of steps aimed at modernizing the nation’s cybersecurity:

  • Requires IT service providers to tell the government about cybersecurity breaches that could impact U.S. networks, and removes certain contractual barriers that might stop providers from flagging breaches.
  • Creates a standardized playbook and set of definitions for federal responses to cyber incidents.
  • Pushes the federal government toward upgrading to secure cloud services and other cyber infrastructure, and mandates deployment of multifactor authentication and encryption within a specific time period.
  • Improves security of software sold to the government, including by making developers share certain security data publicly.
  • Establishes a “Cybersecurity Safety Review Board” comprising public- and private-sector officials, which can convene after cyber attacks to analyze the situation and make recommendations.
  • Improves info-sharing within the federal government by enacting a government-wide endpoint detection and response system.

News of the president’s action came about an hour after Colonial announced it had restarted pipeline operations — though it will be days before fuel deliveries return to normal, the company said in a press release.

“Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal,” said the statement, which also thanked the Biden administration “for their leadership and collaboration.”

Biden Energy Secretary Jennifer Granholm first shared the update in a tweet after a phone call with Colonial CEO Tim Felt.

At the White House earlier Wednesday afternoon, President Joe Biden hinted his administration would soon have “good news” to share about its efforts to address the attack on Colonial.

The White House said Tuesday it was directing a “comprehensive federal response” aimed at restoring and securing U.S. energy supply chains in response to the incident.

On May 7, Colonial Pipeline paused its operations and notified federal agencies that it had fallen victim to a ransomware attack.

The assault, carried out by the criminal cyber group known as DarkSide, forced the company to shut down approximately 5,500 miles of pipeline, leading to a disruption of nearly half of the nation’s East Coast fuel supply.

An “Out Of Service” bag covers a gas pump as cars continue to line up for the chance to fill their gas tanks at a Circle K near uptown Charlotte, North Carolina on May 11, 2021 following a ransomware attack that shut down the Colonial Pipeline.
Logan Cyrus | AFP | Getty Images

Ransomware attacks involve malware that encrypts files on a device or network, rendering the system inoperable. Criminals behind these types of cyberattacks typically demand a ransom in exchange for the release of data.

In April, Washington formally accused Russia’s Foreign Intelligence Service, or SVR — its top spy agency — of carrying out the SolarWinds cyberattack, which has been described as “the largest and most sophisticated attack the world has ever seen.” The Russian government denies all of the allegations.

CNBC’s Kevin Breuninger reported from New York.