Privacy & Cybersecurity Law Blog

On May 12, 2021, President Biden signed an Executive Order on Improving the Nation’s Cybersecurity. The Order outlines a number of initiatives intended to improve cybersecurity in the U.S. and protect federal government networks, including:

• Removing barriers to information sharing between the government and private sector, such as contractual obligations that otherwise would prohibit IT service providers from sharing certain breach information;
• Modernizing and implementing stronger cybersecurity standards in the federal government, for example, by mandating the deployment of multi-factor authentication and encryption;
• Improving software supply chain security by establishing baseline security standards for the development of software sold to the government and requiring developers to make security data publicly available;
• Establishing a Cybersecurity Safety Review Board (to be co-chaired by government and private sector leads) that may convene following a significant cyber incident to analyze what happened and make concrete recommendations for improving cybersecurity;
• Creating a standard playbook for responding to cyber incidents to ensure all federal agencies are prepared to take uniform steps to identify and mitigate a threat; and
• Improving the detection of cybersecurity incidents on federal government networks by enabling a government-wide endpoint detection and response system and improved information sharing within the federal government; and
• Improving investigative and remediation capabilities by creating robust cybersecurity event log requirements for federal departments and agencies.

Recognizing that much of the critical infrastructure in the U.S. is owned and operated by the private sector, a White House statement encourages private sector companies to “follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.”