A senior Biden administration official dropped significant hints today about the contents of the administration’s expected executive order (EO) on cybersecurity. The coming EO has been much talked about in policy circles in recent weeks, with a consensus view that it will be released soon, but without much firm detail about its expected content.
Speaking at a White House press briefing today to talk about the administration’s order released today that sanctions the Russian government for the SolarWinds Orion cyberattack and other transgressions, the senior official offered some insight into the coming cyber executive order when asked whether the Russian attacks will change the way that the Federal government procures software.
“The SolarWinds incident highlighted the need to rapidly modernize federal cybersecurity,” the official said.
“We’ve kicked that effort off already, focused on the nine federal agencies who were compromised with five specific efforts: requiring a rapid rollout of encryption and multi-factor authentication; requiring a rapid rollout of security in the cloud; ensuring logging and endpoint detection is in place; and ensuring effective, mature security operations centers will be put in place as well,” the official said.
All of those efforts, the official continued, “will also be the hallmark of an upcoming executive order which will build on those with regard to setting standards for the software the U.S. government procures. As you know, the software the U.S. government procures is the same software and hardware used broadly by companies and governments in the U.S. and around the world.”
“So, putting the muscle of U.S. spending on information technology behind building more secure software and hardware is a key step to help companies and governments in the U.S. and around the world have the benefit of more secure software and hardware and, over the longer-term, counter sophisticated malicious cyber activity, as we saw in SolarWinds,” the official said.
Responding to further questioning, another senior administration official said the U.S. is not looking to further “escalate” tensions with Russia following today’s order.
“The United States reserves the right, of course, to take further action as necessary,” the official said. “But our view is that the best course forward at this point would be for us to, for the United States and Russia both, to get off of the ladder of escalation and find a stable way forward.”
“We will track closely the Russian government responses to this, and then make determinations from that on the way forward,” the official added.