The president yesterday created two major new cyber initiatives designed to help prevent and recover from attacks on public sector networks and services like we have seen with SolarWinds and Colonial Pipeline. First, government contractors will be required to report security breaches with a potentially harmful impact on federal systems. Second, the country will have a new investigative body to examine and analyze major attacks. The president also added some coverage for consumers, announcing a new program that will test labeling software with a security rating system.
These initiatives recognize that attacks on the highly interconnected systems that serve federal agencies, or on services that affect many Americans' daily lives, are economic and national security threats. Models for information-sharing about cyber threat actors and attacks already exist in critical infrastructure industries. The new rules spurred by yesterday's Executive Order may pave the way for greater public/private intelligence and prevention capabilities in the cyber realm.
The executive order will require technology providers that do business with the government to tell authorities about data breaches that could pose a danger to federal networks, the White House said. Biden also announced the formation of a Cybersecurity Safety Review Board that will analyze how major breaches unfolded, similar to the way that the National Transportation Safety Board issues reports after airplane crashes.