Beyond the headline: examining the Biden cybersecurity executive order

On May 12, 2021, the Biden administration released Executive Order 14028, “Improving the Nation's Cybersecurity”, which implements new directives intended to strengthen the nation’s cybersecurity posture. Some industry observers describe the executive order (EO) as the foundation for a fundamental shift in how the nation prioritizes cybersecurity concerns. Notably, the EO is expected to send ripples across the private sector (particularly federal contractors) with an emphasis on spurring greater collaboration and transparency. 

“The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector and ultimately the American people’s security and privacy,” the order states. It goes on to note, “In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.”

 The first of many steps

President Biden touted the EO as “the first of many ambitious steps” to modernize the federal government’s cyber defense system. SolarWinds, Microsoft Exchange and the Colonial Pipeline incidents are three recent examples of exploited cyber weaknesses that resulted in significant consequences. The EO stresses that the federal government “must lead by example” while also highlighting ways that the private sector needs to tighten cybersecurity defenses.

At a high level, the executive order includes these steps:

• Remove barriers between the government and private sector that allow for better communication and more complete sharing of potential threats and breaches
• Implement stronger, more modern cybersecurity standards throughout the federal government
• Establish a Cybersecurity Safety Review Board, that is chaired by a combination of federal and private sector employees 
• Create a playbook to facilitate standardized responses to cyber incidents, both for the U.S. government and private businesses
• Strengthen the government’s ability to detect cyber incidents 
• Improve investigative and remediation capabilities for federal departments and agencies