President Biden is following his executive order on cybersecurity with more concrete action. The leader has signed a memorandum aiming to improve digital security for the Defense Department, the intelligence community and national security systems. The notice sets firmer requirements, both for schedules and for the technology needed to lock down government data.
The memo lets the NSA require agencies to take "specific actions" in response to threats and security flaws, and asks the NSA to coordinate with Homeland Security on directives. Agencies will also have to identify their national security systems, report incidents and secure tools that transfer data between classified and unclassified systems. The President's move also sets timelines and guidance for implementing technologies required in the executive order, ranging from encryption to multi-factor authentication.
Biden's move complements an order that was initially signed in response to critical infrastructure cyberattacks. In theory, this will tighten security at some of the most sensitive federal government institutions. As with the order, though, the memo can only accomplish so much without Congress' support. Virginia Senator Mark Warner, for instance, used the signing to ask Congress to pass legislation requiring notices of critical infrastructure breaches within 72 hours.
The timing is apt, at least. The President's effort comes as tensions rise between Russia, the US and American allies, with Ukraine blaming Russia for a string of cyberattacks that knocked out government websites. The situation might not lead to outright cyberwarfare, but the US still has a strong incentive to close as many security holes as possible.