The president yesterday created two major new cyber initiatives designed to help prevent and recover from attacks on public sector networks and services like we have seen with SolarWinds and Colonial Pipeline. First, government contractors will be required to report security breaches with a potentially harmful impact on federal systems. Second, the country will have a new investigative body to examine and analyze major attacks. The president also added some coverage for consumers, announcing a new program that will test labeling software with a security rating system.
These initiatives recognize that attacks on the highly interconnected systems that serve federal agencies, or on services that affect many Americans' daily lives, are economic and national security threats. Models for information-sharing about cyber threat actors and attacks already exist in critical infrastructure industries. The new rules spurred by yesterday's Executive Order may pave the way for greater public/private intelligence and prevention capabilities in the cyber realm.