By Christopher Bing and Nandita Bose
(Reuters) – U.S. President Joe Biden signed an executive order on Wednesday that advances federal cybersecurity capabilities and encourages improvements in digital security standards across the private sector which has been hit by a spate of cyber attacks.
The executive order establishes a series of initiatives designed to better equip federal agencies with cybersecurity tools.
It follows a cyberattack against the Colonial Pipeline that caused some internal computer systems to be disabled with ransomware. This led Colonial to shut the pipeline, triggering fuel shortages and panic buying in the southeastern United States.
On Wednesday, Atlanta-based Colonial said it “initiated the restart of pipeline operations at 5 p.m. ET.”
The order also requires that software companies selling to the government maintain certain cybersecurity standards in their products and report whether they themselves have been compromised by hackers. The requirement was first reported by Reuters in March.
A senior administration official described the executive order as having a “very significant” impact on the government’s ability to detect and respond to hacking incidents.
“It reflects a fundamental shift in our mindset from incident response to prevention, from talking about security to doing security, setting aggressive but achievable goals …” the official said.
The pipeline cyberattack is the latest in a string of cyber incidents against U.S. companies and government agencies over the last six months.
In December, a Russian supply-chain hacking operation became public which burrowed into nine federal agencies. More recently, the government has been investigating a different hacking campaign with ties to China that affected five civilian agencies.
“It’s hard to learn from each incident and ensure that broadly government and companies have information to protect themselves,” said the official.
“So, we have pushed the authority as far as we could and said anybody doing business with the U.S. government will have to share incidents, so that we can use that information to protect Americans.”
Senator Mark Warner, a Democrat, who chairs the Senate Intelligence Committee, said the executive order is a good first step but the United States “is simply not prepared to fend off state-sponsored or criminal hackers intent on compromising our systems for profit or espionage.”
“Congress is going to have to step up and do more to address our cyber vulnerabilities,” he said.
(Reporting by Christopher Bing and Nandita Bose; Additional reporting by Steve Holland, Editing by David Gregorio and Stephen Coates)