Specifically citing a slew of recent incidents including SolarWinds, Microsoft Exchange server hacks and the ongoing Colonial Pipeline situation, President Biden signed an executive order today that focuses on "improving the nation's cybersecurity." The steps it lays out are supposed to improve information sharing between agencies, set policies to protect federal networks and improve the response to breaches by creating a standardized "playbook" that will be reviewed by the director of CISA.
According to a summary released at the same time, it also sets standards for software that's sold to the federal government, and tasks NIST with developing a labeling program "to educate the public on the security capabilities of Internet-of-Things (IoT) devices and software development practices" similar to existing Energy Star labels on appliances.
How much impact the order will have is unclear without action and funding from Congress, but it does lay out some first steps. According to NBC News, an administration official told reporters that it "reflects a fundamental shift in our mindset from incident response to prevention." In a statement, Senator Mark Warner said "This executive order is a good first step, but executive orders can only go so far."
This executive order is a good first step, but executive orders can only go so far. Congress will have to step up & do more to address our cyber vulnerabilities, & I look forward to working with the administration & my colleagues on both sides of the aisle to close those gaps. https://t.co/O8w1Ts9ddg
— Mark Warner (@MarkWarner) May 13, 2021