
After High-Profile Attacks, Biden Calls for Better Software Security

Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.

The order comes on the heels of a ransomware attack on Colonial Pipeline, which disrupted U.S. East Coast fuel supplies. A Thursday report by Bloomberg, citing unnamed sources, stated that Colonial Pipeline paid almost $5 million to the attackers but had trouble decrypting the ransomed data after getting the key.

The executive order announced Wednesday called out the Colonial Pipeline attack, as well as the "SolarWinds [and] Microsoft Exchange" security incidents. Several measures are indicated in the executive order. While the measures apply to federal agencies, the aim is to influence private sector practices, too, steered by federal purchasing power.

"We encourage private sector companies to follow the Federal government's lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents," the announcement stated.

The executive order aims to remove contractual barriers to information sharing between IT service providers and the government, although it didn't describe how that task would be accomplished. The order also calls for standardizing federal agencies' responses to cybersecurity incidents.

A Cybersecurity Safety Review Board, combining government officials and the private sector, is being formed to make recommendations on cybersecurity. It'll be modeled after the National Transportation Safety Board, which reviews airline safety, incidents and crashes.

The order advocates the federal use of zero-trust architectures, with secure use of cloud-based services. Additionally, the order "mandates deployment of multifactor authentication and encryption with a specific time period," although details weren't provided.

The order described establishing a "Government-wide Endpoint Detection and Response (EDR)" system to better share information on security incidents. Federal agencies also are ordered to establish "robust and consistent logging practices."

The order also describes a pilot program to label software, indicating the degree to which secure software development practices were used. This program might take the form of the current Energy Star program, which oversees energy-efficiency labels.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
